net: ipc_router: Fix buffer overflow during memcpy
The increment logic of u64 pointer in skb_copy_to_log_buf() leads to buffer overflow. Modify the proto type of skb_copy_to_log_buf() function to accept only unsigned char pointer. CRs-Fixed: 2212592 Change-Id: I8affff1316656c1060ec57f2fb10b46f85314358 Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
This commit is contained in:
parent
c29adbec3e
commit
cb3673798b
|
@ -1,4 +1,4 @@
|
||||||
/* Copyright (c) 2011-2016, The Linux Foundation. All rights reserved.
|
/* Copyright (c) 2011-2016, 2018, The Linux Foundation. All rights reserved.
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License version 2 and
|
* it under the terms of the GNU General Public License version 2 and
|
||||||
|
@ -217,7 +217,7 @@ static void init_routing_table(void)
|
||||||
*/
|
*/
|
||||||
static void skb_copy_to_log_buf(struct sk_buff_head *skb_head,
|
static void skb_copy_to_log_buf(struct sk_buff_head *skb_head,
|
||||||
unsigned int pl_len, unsigned int hdr_offset,
|
unsigned int pl_len, unsigned int hdr_offset,
|
||||||
uint64_t *log_buf)
|
unsigned char *log_buf)
|
||||||
{
|
{
|
||||||
struct sk_buff *temp_skb;
|
struct sk_buff *temp_skb;
|
||||||
unsigned int copied_len = 0, copy_len = 0;
|
unsigned int copied_len = 0, copy_len = 0;
|
||||||
|
@ -297,7 +297,8 @@ static void ipc_router_log_msg(void *log_ctx, uint32_t xchng_type,
|
||||||
else if (hdr->version == IPC_ROUTER_V2)
|
else if (hdr->version == IPC_ROUTER_V2)
|
||||||
hdr_offset = sizeof(struct rr_header_v2);
|
hdr_offset = sizeof(struct rr_header_v2);
|
||||||
}
|
}
|
||||||
skb_copy_to_log_buf(skb_head, buf_len, hdr_offset, &pl_buf);
|
skb_copy_to_log_buf(skb_head, buf_len, hdr_offset,
|
||||||
|
(unsigned char *)&pl_buf);
|
||||||
|
|
||||||
if (port_ptr && rport_ptr && (port_ptr->type == CLIENT_PORT)
|
if (port_ptr && rport_ptr && (port_ptr->type == CLIENT_PORT)
|
||||||
&& (rport_ptr->server != NULL)) {
|
&& (rport_ptr->server != NULL)) {
|
||||||
|
|
Loading…
Reference in New Issue