commit fcd7395ffcb96a8b7d2cc5c939dc3c61a2cb5b2c
author Sanket Padawe <sanketpadawe@google.com> Mon Jun 06 11:21:24 2016 -0700
committer Sanket Padawe <sanketpadawe@google.com> Mon Jun 06 11:21:24 2016 -0700
tree 8c502d89e5d5fa6ff3d4596baf59c6058733efd6
parent a0b379fe68152bedaa3b1eed1d84c5c4fbf11ae1

Increase buffer size for storing /proc/cmdline to avoid buffer overflow.

Bug: 29115540
Change-Id: I875532f119aef908f7c7afbbd2224a5252c972ee

rild/rild.c

diff --git a/rild/rild.c b/rild/rild.c
index a3090cd..0e0d056 100644
--- a/rild/rild.c
+++ b/rild/rild.c
@@ -207,12 +207,25 @@
 #define  REFERENCE_RIL_PATH  "libreference-ril.so"
 
         /* first, read /proc/cmdline into memory */
-        char          buffer[1024] = {'\0'}, *p, *q;
+        char          buffer[2048] = {'\0'}, *p, *q;
         int           len;
+        struct stat   st;
         int           fd = open("/proc/cmdline",O_RDONLY);
 
         if (fd < 0) {
-            RLOGD("could not open /proc/cmdline:%s", strerror(errno));
+            RLOGE("could not open /proc/cmdline:%s", strerror(errno));
+            goto OpenLib;
+        }
+
+        if (fstat(fd, &st)) {
+            RLOGE("fstat error: %s", strerror(errno));
+            close(fd);
+            goto OpenLib;
+        }
+
+        if (st.st_size > sizeof(buffer) - 1) {
+            RLOGE("Size of /proc/cmdline exceeds buffer");
+            close(fd);
             goto OpenLib;
         }
 
@@ -221,7 +234,7 @@
         while (len == -1 && errno == EINTR);
 
         if (len < 0) {
-            RLOGD("could not read /proc/cmdline:%s", strerror(errno));
+            RLOGE("could not read /proc/cmdline:%s", strerror(errno));
             close(fd);
             goto OpenLib;
         }