On Wed, Mar 17, 2021 at 04:55:22PM -0700, Gwendal Grignou wrote:
commit 5d749d0bbe811c10d9048cde6dfebc761713abfd upstream.
Prevent memory scribble by checking that ioctl buffer size parameters are sane. Without this check, on a 32-bit system, if .insize = 0xffffffff - 20 and .outsize the amount to scribble, we would overflow, allocate a small amount and be able to write outside of the malloc'ed area. Adding a hard limit allows argument checking of the ioctl. With the current EC, it is expected .insize and .outsize to be at around 512 bytes or less.
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
 drivers/platform/chrome/cros_ec_dev.c   | 4 ++++
 drivers/platform/chrome/cros_ec_proto.c | 4 ++--
 include/linux/mfd/cros_ec.h             | 6 ++++--
 3 files changed, 10 insertions(+), 4 deletions(-)
What stable tree(s) are you wanting this to be applied to?
Always give us a hint...
thanks,
greg k-h
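The 32-bit size wrap described in the quoted commit message, and a hard-limit check that stops it, as an added example that is not part of this thread and not the driver's code. Assumptions: the struct layout, the sizing expression (header plus both payload sizes), the `MSG_LIMIT` value and all function names are hypothetical; only `.insize = 0xffffffff - 20` comes from the message.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical ioctl header: five 32-bit fields, 20 bytes in total. */
struct cmd_hdr {
    uint32_t version, command, outsize, insize, result;
};

/* Assumed hard limit for this sketch; the message only says that
 * about 512 bytes or less is expected with the current EC. */
#define MSG_LIMIT 4096u

/* Unchecked sizing, done in uint32_t to model size_t on a 32-bit system.
 * Assumed expression: header + insize + outsize. The sum can wrap. */
uint32_t alloc_size_unchecked(const struct cmd_hdr *h)
{
    return (uint32_t)sizeof(*h) + h->insize + h->outsize;
}

/* Checked sizing: reject oversized fields before doing any arithmetic,
 * so the sum below can no longer wrap. Returns 0 or -EINVAL. */
int alloc_size_checked(const struct cmd_hdr *h, uint32_t *size)
{
    if (h->insize > MSG_LIMIT || h->outsize > MSG_LIMIT)
        return -EINVAL;
    *size = (uint32_t)sizeof(*h) + h->insize + h->outsize;
    return 0;
}

int main(void)
{
    /* Constructed inputs: insize from the commit message, outsize = 64. */
    struct cmd_hdr bad = { .insize = 0xffffffffu - 20, .outsize = 64 };
    struct cmd_hdr ok  = { .insize = 512, .outsize = 512 };
    uint32_t size = 0;

    /* 20 + (0xffffffff - 20) + 64 wraps modulo 2^32 to 63 bytes, which is
     * smaller than the 84 bytes that header + outsize alone would need. */
    printf("unchecked: %u bytes\n", (unsigned)alloc_size_unchecked(&bad));
    printf("checked bad: %d\n", alloc_size_checked(&bad, &size));
    printf("checked ok:  %d, %u bytes\n",
           alloc_size_checked(&ok, &size), (unsigned)size);
    return 0;
}
```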