Increase buffer size for storing /proc/cmdline to avoid buffer overflow.
Bug: 29115540
Change-Id: I875532f119aef908f7c7afbbd2224a5252c972ee
diff --git a/rild/rild.c b/rild/rild.c
index a3090cd..0e0d056 100644
--- a/rild/rild.c
+++ b/rild/rild.c
@@ -207,12 +207,25 @@
#define REFERENCE_RIL_PATH "libreference-ril.so"
/* first, read /proc/cmdline into memory */
- char buffer[1024] = {'\0'}, *p, *q;
+ char buffer[2048] = {'\0'}, *p, *q;
int len;
+ struct stat st;
int fd = open("/proc/cmdline",O_RDONLY);
if (fd < 0) {
- RLOGD("could not open /proc/cmdline:%s", strerror(errno));
+ RLOGE("could not open /proc/cmdline:%s", strerror(errno));
+ goto OpenLib;
+ }
+
+ if (fstat(fd, &st)) {
+ RLOGE("fstat error: %s", strerror(errno));
+ close(fd);
+ goto OpenLib;
+ }
+
+ if (st.st_size > sizeof(buffer) - 1) {
+ RLOGE("Size of /proc/cmdline exceeds buffer");
+ close(fd);
goto OpenLib;
}
@@ -221,7 +234,7 @@
while (len == -1 && errno == EINTR);
if (len < 0) {
- RLOGD("could not read /proc/cmdline:%s", strerror(errno));
+ RLOGE("could not read /proc/cmdline:%s", strerror(errno));
close(fd);
goto OpenLib;
}