mirror of
https://github.com/hardkernel/linux.git
synced 2026-03-25 03:50:24 +09:00
25723698d7
PD#OTT-5999
[Problem]
In binder_transaction of binder.c, there is a possible out of bounds
write due to an integer overflow. This could lead to local escalation of
privilege with noadditional execution privileges needed. User interaction
is needed for exploitation.
The fix is designed to check for the integer overflow.
[Solution]
UPSTREAM: binder: check for overflow when alloc for security context
commit 0b0509508b upstream.
When allocating space in the target buffer for the security context,
make sure the extra_buffers_size doesn't overflow. This can only
happen if the given size is invalid, but an overflow can turn it
into a valid size. Fail the transaction if an overflow is detected.
Bug: 130571081
Change-Id: Ibaec652d2073491cc426a4a24004a848348316bf
Signed-off-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>