diff options
author | Linux Build Service Account <lnxbuild@localhost> | 2017-03-14 23:45:46 -0700 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2017-03-14 23:45:45 -0700 |
commit | 3961be10c40b6629a2e5b4c1e0bc092f8e88712b (patch) | |
tree | e25327f222569ca8a148efd0ffb3549cd3cab3ba | |
parent | 040d1247eb795de2b2b40717ee46b9ee87d3fcaf (diff) | |
parent | 68020103af00280393da10039b968c95d68e526c (diff) |
Merge "soc: qcom: Avoid possible buffer overflow in service-locator"
-rw-r--r-- | drivers/soc/qcom/service-locator.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/drivers/soc/qcom/service-locator.c b/drivers/soc/qcom/service-locator.c index 8581ed587ead..0d6c1d62c732 100644 --- a/drivers/soc/qcom/service-locator.c +++ b/drivers/soc/qcom/service-locator.c @@ -266,10 +266,9 @@ static int service_locator_send_msg(struct pd_qmi_client_data *pd) if (!domains_read) { db_rev_count = pd->db_rev_count = resp->db_rev_count; pd->total_domains = resp->total_domains; - if (!pd->total_domains && resp->domain_list_len) { - pr_err("total domains not set\n"); - pd->total_domains = resp->domain_list_len; - } + if (!resp->total_domains) + pr_info("No matching domains found\n"); + pd->domain_list = kmalloc( sizeof(struct servreg_loc_entry_v01) * resp->total_domains, GFP_KERNEL); @@ -286,6 +285,10 @@ static int service_locator_send_msg(struct pd_qmi_client_data *pd) rc = -EAGAIN; goto out; } + if (resp->domain_list_len > resp->total_domains) { + /* Always read total_domains from the response msg */ + resp->domain_list_len = resp->total_domains; + } /* Copy the response*/ store_get_domain_list_response(pd, resp, domains_read); domains_read += resp->domain_list_len; |