qdsp6v2: apr: check for packet size to header size comparison
Check if packet size is large enough to hold the header. Change-Id: I7261f8111d8b5f4f7c181e469de248a732242d64 Signed-off-by: Vatsal Bucha <vbucha@codeaurora.org> [haggertk: backport to 3.4/msm8974] CVE-2019-2331 Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
This commit is contained in:
parent
f152bfc973
commit
d9d138fcdf
|
@ -364,6 +364,12 @@ void apr_cb_func(void *buf, int len, void *priv)
|
|||
pr_err("APR: Wrong paket size\n");
|
||||
return;
|
||||
}
|
||||
|
||||
if (hdr->pkt_size < hdr_size) {
|
||||
pr_err("APR: Packet size less than header size\n");
|
||||
return;
|
||||
}
|
||||
|
||||
msg_type = hdr->hdr_field;
|
||||
msg_type = (msg_type >> 0x08) & 0x0003;
|
||||
if (msg_type >= APR_MSG_TYPE_MAX && msg_type != APR_BASIC_RSP_RESULT) {
|
||||
|
|
Loading…
Reference in New Issue