From 17b53e36d39385721ceacd512cc503d3f6ccb7e2 Mon Sep 17 00:00:00 2001
From: Vyacheslav Cherkashin
Date: Tue, 17 Dec 2013 12:21:45 +0400
Subject: [PATCH] [FIX] check message length

Change-Id: I8c68b90746bf0eaa8c5966825422408f0490fc59
Signed-off-by: Vyacheslav Cherkashin
---
 parser/swap_msg_parser.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/parser/swap_msg_parser.c b/parser/swap_msg_parser.c
index 23127fa..e374bf6 100644
--- a/parser/swap_msg_parser.c
+++ b/parser/swap_msg_parser.c
@@ -56,12 +56,18 @@ static int msg_handler(void __user *msg)
 struct msg_buf mb;
 void __user *payload;
 struct basic_msg_fmt bmf;
+ enum { size_max = 128 * 1024 * 1024 };
 ret = copy_from_user(&bmf, (void*)msg, sizeof(bmf));
 if (ret)
 return ret;
 size = bmf.len;
+ if (size >= size_max) {
+ printk("%s: too large message, size=%u\n", __func__, size);
+ return -ENOMEM;
+ }
+
 ret = init_mb(&mb, size);
 if (ret)
 return ret;
-- 
2.7.4
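Review bot: The new `printk` in the `size >= size_max` branch has no log level and no rate limit, and it fires on a length read straight from the user-supplied `bmf`, so any caller that can reach msg_handler can fill the kernel log by repeating an oversized `len`; `printk_ratelimited(KERN_WARNING "%s: too large message, size=%u\n", __func__, size);` keeps the diagnostic without that. The branch returns `-ENOMEM` although no allocation was attempted; `return -EINVAL;` (or `-EMSGSIZE`) tells userspace more accurately that the length was rejected. The declaration of `size` is outside the hunk: the `%u` suggests it is unsigned, but if it were a signed type a negative `bmf.len` would pass this comparison, so that is worth confirming. msg_handler starts and ends outside the hunk, so whether the payload copy that follows is bounded by the same `size` cannot be checked from here.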