qseecom : Clear client handle after unmap the resources

When unloading the app, reset all client members to NULL to protect from accessing the memory after being freed. Bug: 143973884 Change-Id: I573b9c6fde03539522d2b04724a2246660c62518 Signed-off-by: jitendra thakare <jitendrathakare@codeaurora.org> CVE-2019-14040 Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
2019-09-12 19:46:48 +05:30 · 2019-09-12 19:46:48 +05:30 · 8a3dfe4f5f
parent f9cc3d1366
commit 8a3dfe4f5f
1 changed files with 2 additions and 1 deletions
--- a/drivers/misc/qseecom.c
+++ b/drivers/misc/qseecom.c
@ -1110,7 +1110,8 @@ static int qseecom_unmap_ion_allocated_memory(struct qseecom_dev_handle *data)
 	if (!IS_ERR_OR_NULL(data->client.ihandle)) {
 		ion_unmap_kernel(qseecom.ion_clnt, data->client.ihandle);
 		ion_free(qseecom.ion_clnt, data->client.ihandle);
-		data->client.ihandle = NULL;
+		memset((void *)&data->client,
+			0, sizeof(struct qseecom_client_handle));
 	}
 	return ret;
 }