authorHardik Arya <harya@codeaurora.org>2018-08-08 14:46:20 +0530
committerHardik Arya <harya@codeaurora.org>2018-08-28 16:55:36 +0530
commit36ae97dea0a60504004135df55127de9961cbdcc (patch)
treeba0f096829ff270a294b5597f7b3388d450ee6f7 /drivers/char
parent87d4444575cd6c2810639a93ccf75fc364bca3e5 (diff)
diag: Update msg mask's ranges properly
There is a possibility of out-of-bound read if msg mask ranges received from peripheral are more than max ssid per range. Cap msg mask's ssid ranges to MAX_SSID_PER_RANGE if ranges received from peripheral are greater than the same. Change-Id: I886692ad223e16678bfaecbe381c62fdf3503cb5 Signed-off-by: Hardik Arya <harya@codeaurora.org>
Diffstat (limited to 'drivers/char')
-rw-r--r--drivers/char/diag/diagfwd_cntl.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/char/diag/diagfwd_cntl.c b/drivers/char/diag/diagfwd_cntl.c
index 8fb9227d8cb8..a969ee02655a 100644
--- a/drivers/char/diag/diagfwd_cntl.c
+++ b/drivers/char/diag/diagfwd_cntl.c
@@ -613,7 +613,12 @@ static int update_msg_mask_tbl_entry(struct diag_msg_mask_t *mask,
}
if (range->ssid_last >= mask->ssid_last) {
temp_range = range->ssid_last - mask->ssid_first + 1;
- mask->ssid_last = range->ssid_last;
+ if (temp_range > MAX_SSID_PER_RANGE) {
+ temp_range = MAX_SSID_PER_RANGE;
+ mask->ssid_last = mask->ssid_first + temp_range - 1;
+ } else
+ mask->ssid_last = range->ssid_last;
+ mask->ssid_last_tools = mask->ssid_last;
mask->range = temp_range;
}
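Review bot: The new `temp_range > MAX_SSID_PER_RANGE` branch clamps `mask->ssid_last` silently, while `range->ssid_last` keeps the oversized value the peripheral reported. Any code that later sizes a copy or index from `range` rather than from `mask->range` would still read out of bounds; this cannot be confirmed here because update_msg_mask_tbl_entry starts and ends outside the hunk, so the callers should be checked. A rate-limited log on the capped path, e.g. `pr_warn_ratelimited("diag: msg mask range capped to %d\n", MAX_SSID_PER_RANGE);`, would make a misbehaving peripheral visible instead of hiding the truncation. As a style point, the `} else` arm should carry braces to match the braced `if` arm, per kernel coding style.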