msm: ipa: gsb: Validate iface handle

Decoding a wrong iface handle from the mux header of
a corrupted packet leads to invoking an invalid index
of the iface's tx_dp_notify, which in turn leads to
a segmentation fault.

So, validate the iface handle which is received
from status packet's mux header before invoking
tx_dp_notify of iface handle.

Change-Id: I21fd54a5c07d25f69a81d67eb4482ea1cc135ea9
Signed-off-by: Mohammed <mjavid@codeaurora.org>
tirimbino
Mohammed 6 years ago committed by Gerrit - the friendly Code Review server
parent 51683be8d3
commit db6d3ea14f
drivers/platform/msm/ipa/ipa_clients/ipa_gsb.c (3 changes)

@ -758,7 +758,8 @@ static void ipa_gsb_tx_dp_notify(void *priv, enum ipa_dp_evt_type evt,
/* change to host order */
*(u32 *)mux_hdr = ntohl(*(u32 *)mux_hdr);
hdl = mux_hdr->iface_hdl;
if (!ipa_gsb_ctx->iface[hdl]) {
if ((hdl < 0) || (hdl >= MAX_SUPPORTED_IFACE) ||
!ipa_gsb_ctx->iface[hdl]) {
IPA_GSB_ERR("invalid hdl: %d and cb, drop the skb\n", hdl);
dev_kfree_skb_any(skb);
return;
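
Review bot: the `hdl < 0` term in the new condition only does anything if `hdl` is a signed type, and its declaration is outside this hunk. If `hdl` is unsigned, that comparison is always false and should be dropped so that `hdl >= MAX_SUPPORTED_IFACE` is the single range check; if it is signed, a short comment saying the value comes straight from an untrusted mux header would explain why both bounds are tested. The bounds test is correctly placed before the `ipa_gsb_ctx->iface[hdl]` lookup, so short-circuit evaluation keeps the out-of-range index from being dereferenced. The error string "invalid hdl: %d and cb" now covers two different conditions (handle out of range, and in range with no registered iface); separate messages would make a corrupted-packet drop distinguishable from a teardown race in the logs. Since this path is reached from packet contents, consider whether the `IPA_GSB_ERR` call here should be rate limited so a stream of corrupted packets cannot flood the kernel log.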
