diff options
| author | Mohammed Javid <mjavid@codeaurora.org> | 2017-10-26 15:14:39 +0530 |
|---|---|---|
| committer | Mohammed Javid <mjavid@codeaurora.org> | 2019-07-10 13:13:49 +0530 |
| commit | eedc5c20ec7e980ed542bd4dd86288aa2f0c9855 (patch) | |
| tree | 94bf2c9161c64d5b8a36ce0a28eceacde741f721 | |
| parent | 8f672181451ff8be47e6a2a66a684be121460dbf (diff) | |
msm: ipa: Fix pointer checked for NULL may be used
Data pointer may be NULL, check for reset value
to be false in that case and return EINVAL for
invalid argument.
Change-Id: I05a4aa96724c123516a7965bd0e939bdf0c86553
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
| -rw-r--r-- | drivers/platform/msm/ipa/ipa_v2/rmnet_ipa.c | 11 | ||||
| -rw-r--r-- | drivers/platform/msm/ipa/ipa_v3/rmnet_ipa.c | 11 |
2 files changed, 20 insertions, 2 deletions
diff --git a/drivers/platform/msm/ipa/ipa_v2/rmnet_ipa.c b/drivers/platform/msm/ipa/ipa_v2/rmnet_ipa.c index e80d3ad93afe..a49b338ea43c 100644 --- a/drivers/platform/msm/ipa/ipa_v2/rmnet_ipa.c +++ b/drivers/platform/msm/ipa/ipa_v2/rmnet_ipa.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2018, The Linux Foundation. All rights reserved. +/* Copyright (c) 2014-2019, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -2887,6 +2887,15 @@ int rmnet_ipa_query_tethering_stats_modem( struct ipa_get_data_stats_resp_msg_v01 *resp; int pipe_len, rc; + if (data != NULL) { + /* prevent string buffer overflows */ + data->upstreamIface[IFNAMSIZ-1] = '\0'; + data->tetherIface[IFNAMSIZ-1] = '\0'; + } else if (reset != false) { + /* Data can be NULL for reset stats, checking reset != False */ + return -EINVAL; + } + req = kzalloc(sizeof(struct ipa_get_data_stats_req_msg_v01), GFP_KERNEL); if (!req) { diff --git a/drivers/platform/msm/ipa/ipa_v3/rmnet_ipa.c b/drivers/platform/msm/ipa/ipa_v3/rmnet_ipa.c index 656b95316895..a071b78d1f93 100644 --- a/drivers/platform/msm/ipa/ipa_v3/rmnet_ipa.c +++ b/drivers/platform/msm/ipa/ipa_v3/rmnet_ipa.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2018, The Linux Foundation. All rights reserved. +/* Copyright (c) 2014-2019, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -3001,6 +3001,15 @@ static int rmnet_ipa3_query_tethering_stats_modem( struct ipa_get_data_stats_resp_msg_v01 *resp; int pipe_len, rc; + if (data != NULL) { + /* prevent string buffer overflows */ + data->upstreamIface[IFNAMSIZ-1] = '\0'; + data->tetherIface[IFNAMSIZ-1] = '\0'; + } else if (reset != false) { + /* Data can be NULL for reset stats, checking reset != False */ + return -EINVAL; + } + req = kzalloc(sizeof(struct ipa_get_data_stats_req_msg_v01), GFP_KERNEL); if (!req) { |