[FIX] check message length
authorVyacheslav Cherkashin <v.cherkashin@samsung.com>
Tue, 17 Dec 2013 08:21:45 +0000 (12:21 +0400)
committerNikita Kalyazin <n.kalyazin@samsung.com>
Tue, 7 Jan 2014 05:35:26 +0000 (21:35 -0800)
Change-Id: I8c68b90746bf0eaa8c5966825422408f0490fc59
Signed-off-by: Vyacheslav Cherkashin <v.cherkashin@samsung.com>
parser/swap_msg_parser.c

index 23127fa..e374bf6 100644 (file)
@@ -56,12 +56,18 @@ static int msg_handler(void __user *msg)
        struct msg_buf mb;
        void __user *payload;
        struct basic_msg_fmt bmf;
+       enum { size_max = 128 * 1024 * 1024 };
 
        ret = copy_from_user(&bmf, (void*)msg, sizeof(bmf));
        if (ret)
                return ret;
 
        size = bmf.len;
+       if (size >= size_max) {
+               printk("%s: too large message, size=%u\n", __func__, size);
+               return -ENOMEM;
+       }
+
        ret = init_mb(&mb, size);
        if (ret)
                return ret;
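Review bot: The new rejection path logs with a bare `printk` that has no log level and no rate limit, so a caller that keeps sending a header with `len` at or above `size_max` can fill the kernel log; `printk_ratelimited(KERN_WARNING "%s: too large message, size=%u\n", __func__, size);` would bound that. `-ENOMEM` also misreports the cause, since nothing has been allocated at that point; `-EMSGSIZE` or `-EINVAL` tells user space that the length itself was rejected. The 128 MiB cap is still generous for a length read directly from user memory and passed to `init_mb()`; if the protocol has a smaller real maximum (not visible in this hunk), the limit should match it and carry a comment saying where the value comes from. Separately, the context line `return ret;` after `copy_from_user` hands back the count of uncopied bytes rather than an error code, so `return -EFAULT;` would be the conventional form. msg_handler's body starts before and continues past the hunk.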