media: rc: validate that "rc_proto" is reasonable

author Dan Carpenter <dan.carpenter@oracle.com>

Fri, 30 Oct 2020 11:52:30 +0000 (12:52 +0100)

committer Mauro Carvalho Chehab <mchehab+huawei@kernel.org>

Tue, 17 Nov 2020 05:57:10 +0000 (06:57 +0100)
author Dan Carpenter <dan.carpenter@oracle.com>
Fri, 30 Oct 2020 11:52:30 +0000 (12:52 +0100)
committer Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Tue, 17 Nov 2020 05:57:10 +0000 (06:57 +0100)
diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c

index 220363b..116daf9 100644 (file)
--- a/drivers/media/rc/lirc_dev.c
+++ b/drivers/media/rc/lirc_dev.c
@@ -263,7 +263,8 @@ static ssize_t lirc_transmit(struct file *file, const char __user *buf,
                         goto out_unlock;
                 }
  
-               if (scan.flags || scan.keycode || scan.timestamp) {
+               if (scan.flags || scan.keycode || scan.timestamp ||
+                   scan.rc_proto > RC_PROTO_MAX) {
                         ret = -EINVAL;
                         goto out_unlock;
                 }
diff --git a/include/uapi/linux/lirc.h b/include/uapi/linux/lirc.h

index f99d9dc..c1eb960 100644 (file)
--- a/include/uapi/linux/lirc.h
+++ b/include/uapi/linux/lirc.h
@@ -226,6 +226,7 @@ enum rc_proto {
         RC_PROTO_RCMM24         = 25,
         RC_PROTO_RCMM32         = 26,
         RC_PROTO_XBOX_DVD       = 27,
+       RC_PROTO_MAX            = RC_PROTO_XBOX_DVD,
  };
  
  #endif
author	Dan Carpenter <dan.carpenter@oracle.com>
	Fri, 30 Oct 2020 11:52:30 +0000 (12:52 +0100)
committer	Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
	Tue, 17 Nov 2020 05:57:10 +0000 (06:57 +0100)
drivers/media/rc/lirc_dev.c		patch \| blob \| history
include/uapi/linux/lirc.h		patch \| blob \| history