Skip to content

Commit

Permalink
gpio: GPIO_GET_CHIPINFO_IOCTL: Fix line offset validation
Browse files Browse the repository at this point in the history 
The current line offset validation is off by one. Depending on the data
stored behind the descs array this can either cause undefined behavior or
disclose arbitrary, potentially sensitive, memory to the issuing userspace
application.

Make sure that offset is within the bounds of the desc array.

Cc: stable@vger.kernel.org
Fixes: 521a2ad ("gpio: add userspace ABI for GPIO line information")
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
  • Loading branch information
Lars-Peter Clausen authored and Linus Walleij committed Oct 21, 2016
1 parent 67bf515 commit 1f1cc45
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/gpio/gpiolib.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -839,7 +839,7 @@ static long gpio_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)

if (copy_from_user(&lineinfo, ip, sizeof(lineinfo)))
return -EFAULT;
if (lineinfo.line_offset > gdev->ngpio)
if (lineinfo.line_offset >= gdev->ngpio)
return -EINVAL;

desc = &gdev->descs[lineinfo.line_offset];
Expand Down

0 comments on commit 1f1cc45

Please sign in to comment.