Fix "[Security Vulnerability] Thermal:potential buffer overflow" issue
Problem:
Lack of a boundary check on the user input parameter before copy_from_user.
Solution:
Add boundary protection to prevent buffer overflow.
Bug num:28085410
Change-Id: I178730c373ed3eab3e197b10362c987df659e4c3
Signed-off-by: yang-cy.chen <yang-cy.chen@mediatek.com>
(cherry picked from commit e2c408685e93f73ca16b9d5bc23a186f258a1617)
diff --git a/drivers/misc/mediatek/thermal/mtk_cooler_cam.c b/drivers/misc/mediatek/thermal/mtk_cooler_cam.c
index 641b31c..c3ad8aa 100644
--- a/drivers/misc/mediatek/thermal/mtk_cooler_cam.c
+++ b/drivers/misc/mediatek/thermal/mtk_cooler_cam.c
@@ -39,6 +39,8 @@
int ret = 0;
char tmp[MAX_LEN] = { 0 };
+ len = min(len,MAX_LEN-1);
+
/* write data to the buffer */
if (copy_from_user(tmp, buf, len)) {
return -EFAULT;
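Review bot: the added `len = min(len,MAX_LEN-1);` line depends on the type of `len`, which is declared outside this hunk. If `len` is a signed type, a negative value passes through the clamp unchanged and is then converted to a very large size in `copy_from_user(tmp, buf, len)`. If it is `size_t`, the kernel's type-checking `min()` can warn about comparing it with the int expression `MAX_LEN-1`. Suggest `len = min_t(size_t, len, MAX_LEN - 1);` with `len` held in an unsigned type, which also fixes the spacing after the comma and around `-` to match kernel coding style. Clamping to `MAX_LEN-1` rather than `MAX_LEN` is the right bound here, since it keeps the last zero byte of `char tmp[MAX_LEN] = { 0 }` as the string terminator.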
diff --git a/drivers/misc/mediatek/thermal/mtk_cooler_vrt.c b/drivers/misc/mediatek/thermal/mtk_cooler_vrt.c
index 6ca3c99..d571b16 100644
--- a/drivers/misc/mediatek/thermal/mtk_cooler_vrt.c
+++ b/drivers/misc/mediatek/thermal/mtk_cooler_vrt.c
@@ -36,6 +36,8 @@
int ret = 0;
char tmp[MAX_LEN] = { 0 };
+ len = min(len,MAX_LEN-1);
+
/* write data to the buffer */
if (copy_from_user(tmp, buf, len)) {
return -EFAULT;
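Review bot: the clamp at `len = min(len,MAX_LEN-1);` silently truncates oversized input, so a write longer than `MAX_LEN-1` bytes is parsed as a partial string and the caller is not told. Consider rejecting it instead, for example returning `-EINVAL` when `len >= MAX_LEN`, or document that truncation is intended and make sure the handler's return value reflects the bytes actually consumed. The same `char tmp[MAX_LEN]` followed by `copy_from_user(tmp, buf, len)` sequence appears in both files touched by this patch, so a shared bounded-copy helper and an audit of the remaining handlers under drivers/misc/mediatek/thermal/ would keep the fix from being repeated by hand.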