
qseecom: check invalid handle for app loaded query request
authorZhen Kong <zkong@codeaurora.org>
Tue, 27 Aug 2019 21:02:35 +0000 (14:02 -0700)
committerZhen Kong <zkong@codeaurora.org>
Fri, 30 Aug 2019 21:51:37 +0000 (14:51 -0700)
Check that the handle data type received from userspace is valid
for an app loaded query request, so that the offset boundary check
in qseecom_send_modfd_resp cannot be bypassed.

Change-Id: I5f3611a8f830d6904213781c5ba70cfc0ba3e2e0
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
drivers/misc/qseecom.c

index e85b2b8..c002f8c 100644 (file)
@@ -1,6 +1,6 @@
 /*Qualcomm Secure Execution Environment Communicator (QSEECOM) driver
  *
- * Copyright (c) 2012-2018, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 and
@@ -7281,6 +7281,13 @@ long qseecom_ioctl(struct file *file, unsigned cmd, unsigned long arg)
                break;
        }
        case QSEECOM_IOCTL_APP_LOADED_QUERY_REQ: {
+               if ((data->type != QSEECOM_GENERIC) &&
+                       (data->type != QSEECOM_CLIENT_APP)) {
+                       pr_err("app loaded query req: invalid handle (%d)\n",
+                                                               data->type);
+                       ret = -EINVAL;
+                       break;
+               }
                data->type = QSEECOM_CLIENT_APP;
                mutex_lock(&app_access_lock);
                atomic_inc(&data->ioctl_count);
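Review bot: The new type check at the top of the `QSEECOM_IOCTL_APP_LOADED_QUERY_REQ` case and the `data->type = QSEECOM_CLIENT_APP;` assignment after it both run before `mutex_lock(&app_access_lock)`, so the check-then-set on `data->type` is not serialized against another ioctl issued concurrently on the same file handle. Whether other cases change `data->type` under that lock is not visible in this hunk, but if they do, two threads sharing one fd could pass the check in one state and continue in another. Consider taking the lock before the check and adding `mutex_unlock(&app_access_lock);` ahead of the `break` in the error branch. Because the rejected condition is reachable from userspace, `pr_err_ratelimited(...)` would also keep repeated invalid calls from flooding the kernel log. The case body continues past the end of the hunk.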