Diffstat (limited to 'package/kernel/mac80211/patches/331-v4.18-0006-brcmfmac-validate-user-provided-data-for-memdump-bef.patch')
-rw-r--r--package/kernel/mac80211/patches/331-v4.18-0006-brcmfmac-validate-user-provided-data-for-memdump-bef.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/331-v4.18-0006-brcmfmac-validate-user-provided-data-for-memdump-bef.patch b/package/kernel/mac80211/patches/331-v4.18-0006-brcmfmac-validate-user-provided-data-for-memdump-bef.patch
new file mode 100644
index 0000000..7ab6187
--- /dev/null
+++ b/package/kernel/mac80211/patches/331-v4.18-0006-brcmfmac-validate-user-provided-data-for-memdump-bef.patch
@@ -0,0 +1,32 @@
+From d2af9b566554e01f9ad67b330ce569dbc130e5d3 Mon Sep 17 00:00:00 2001
+From: Franky Lin <franky.lin@broadcom.com>
+Date: Wed, 16 May 2018 14:12:01 +0200
+Subject: [PATCH] brcmfmac: validate user provided data for memdump before
+ copying
+
+In patch "brcmfmac: add support for sysfs initiated coredump", a new
+scenario of brcmf_debug_create_memdump was added in which the user of
+the function might not necessarily provide prefix data. Hence the
+function should not assume the data is always valid and should perform a
+check before copying.
+
+Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Franky Lin <franky.lin@broadcom.com>
+Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/debug.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/debug.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/debug.c
+@@ -42,7 +42,8 @@ int brcmf_debug_create_memdump(struct br
+ if (!dump)
+ return -ENOMEM;
+
+- memcpy(dump, data, len);
++ if (data && len > 0)
++ memcpy(dump, data, len);
+ err = brcmf_bus_get_memdump(bus, dump + len, ramsize);
+ if (err) {
+ vfree(dump);
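Review bot: When `data` is NULL but `len` is non-zero, the added guard skips the copy while the following line still places the RAM image at `dump + len`, so the first `len` bytes of the dump are never written by this function. Whether those bytes are zero depends on the allocation above the hunk, which is not visible here; if it is not a zeroing allocator, stale kernel memory would be handed to whoever reads the coredump. Normalising the pair before the buffer is sized, e.g. `if (!data) len = 0;`, removes the ambiguity and makes the `len > 0` test unnecessary. brcmf_debug_create_memdump starts and ends outside the hunk, so the allocation size and the length finally passed to the coredump call should be checked against the full function.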