Fix "[Security Vulnerability] Thermal:potential buffer overflow" issue Problem: lack of boundary check of user input parameter before copy_from_user. Solution: Add boundary protection to prevent buffer overflow Bug num:28085410 Change-Id: I178730c373ed3eab3e197b10362c987df659e4c3 Signed-off-by: yang-cy.chen <yang-cy.chen@mediatek.com> (cherry picked from commit e2c408685e93f73ca16b9d5bc23a186f258a1617)

commit: 75437f20cc1beb366406e7ac67b53ef2f1174244 [log] [tgz]
author: yang-cy.chen <yang-cy.chen@mediatek.com> Tue Apr 19 19:48:48 2016 +0800
committer: Gediminas Ramanauskas <gedis@google.com> Wed Apr 20 21:58:25 2016 +0000
tree: 17139ca5394d2a81b5fd5714dd9745ebbd9fc272
parent: ae53126d701dd66fe05abd45b40f4e4ee317ca05 [diff]
diff --git a/drivers/misc/mediatek/thermal/mtk_cooler_cam.c b/drivers/misc/mediatek/thermal/mtk_cooler_cam.c
index 641b31c..c3ad8aa 100644
--- a/drivers/misc/mediatek/thermal/mtk_cooler_cam.c
+++ b/drivers/misc/mediatek/thermal/mtk_cooler_cam.c

@@ -39,6 +39,8 @@
 	int ret = 0;
 	char tmp[MAX_LEN] = { 0 };
 
+        len = min(len,MAX_LEN-1);
+
 	/* write data to the buffer */
 	if (copy_from_user(tmp, buf, len)) {
 		return -EFAULT;

diff --git a/drivers/misc/mediatek/thermal/mtk_cooler_vrt.c b/drivers/misc/mediatek/thermal/mtk_cooler_vrt.c
index 6ca3c99..d571b16 100644
--- a/drivers/misc/mediatek/thermal/mtk_cooler_vrt.c
+++ b/drivers/misc/mediatek/thermal/mtk_cooler_vrt.c

@@ -36,6 +36,8 @@
 	int ret = 0;
 	char tmp[MAX_LEN] = { 0 };
 
+        len = min(len,MAX_LEN-1);
+
 	/* write data to the buffer */
 	if (copy_from_user(tmp, buf, len)) {
 		return -EFAULT;
commit	75437f20cc1beb366406e7ac67b53ef2f1174244	[log] [tgz]
author	yang-cy.chen <yang-cy.chen@mediatek.com>	Tue Apr 19 19:48:48 2016 +0800
committer	Gediminas Ramanauskas <gedis@google.com>	Wed Apr 20 21:58:25 2016 +0000
tree	17139ca5394d2a81b5fd5714dd9745ebbd9fc272
parent	ae53126d701dd66fe05abd45b40f4e4ee317ca05 [diff]