staging: gs_fpgaboot: add buffer overflow checks
authorJacob von Chorus <jacobvonchorus@cwphoto.ca>
Fri, 28 Jul 2017 21:06:16 +0000 (17:06 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 29 Jul 2017 00:07:37 +0000 (17:07 -0700)
commita46393aba77c870ef73beb417c48af4df43cb342
tree084fe9dd76bfe0e49ef22e436adb528b86a73dde
parentee714b80eaf7da35d82d663546c22d8cd016e8aa
staging: gs_fpgaboot: add buffer overflow checks

Four fields in struct fpgaimage are char arrays of length MAX_STR (256).
The amount of data read into these buffers is controlled by a length
field in the bitstream file read from userspace. If a corrupt or
malicious firmware file was supplied, kernel data beyond these buffers
can be overwritten arbitrarily.

This patch adds a check of the bitstream's length value to ensure it
fits within the bounds of the allocated buffers. An error condition is
returned from gs_read_bitstream if any of the reads fail.

Signed-off-by: Jacob von Chorus <jacobvonchorus@cwphoto.ca>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/gs_fpgaboot/gs_fpgaboot.c