From: Hridya Valsaraju <hridya@xxxxxxxxxx> Length of a binderfs device name cannot exceed BINDERFS_MAX_NAME. This patch adds a check in binderfs_init() to ensure the same for the default binder devices that will be created in every binderfs instance. Co-developed-by: Christian Brauner <christian.brauner@xxxxxxxxxx> Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx> Signed-off-by: Hridya Valsaraju <hridya@xxxxxxxxxx> Reviewed-by: Joel Fernandes (Google) <joel@xxxxxxxxxxxxxxxxx> Link: https://lore.kernel.org/r/20190808222727.132744-3-hridya@xxxxxxxxxx --- drivers/android/binderfs.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c index aee46dd1be91..55c5adb87585 100644 --- a/drivers/android/binderfs.c +++ b/drivers/android/binderfs.c @@ -570,6 +570,18 @@ static struct file_system_type binder_fs_type = { int __init init_binderfs(void) { int ret; + const char *name; + size_t len; + + /* Verify that the default binderfs device names are valid. */ + name = binder_devices_param; + for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) { + if (len > BINDERFS_MAX_NAME) + return -E2BIG; + name += len; + if (*name == ',') + name++; + } /* Allocate new major number for binderfs. */ ret = alloc_chrdev_region(&binderfs_dev, 0, BINDERFS_MAX_MINOR, -- 2.23.0 _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
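Review bot: The loop condition `len > 0` in the init_binderfs() hunk ends validation at the first empty token, so if binder_devices_param has a leading comma or two consecutive commas, every name after that point is never compared against BINDERFS_MAX_NAME. Consider looping while `*name` is non-NUL and either skipping or explicitly rejecting empty tokens, so the whole parameter string is covered before alloc_chrdev_region() runs. Two smaller points: the comment says the names are verified to be "valid" although only their length is checked, and the commit message names binderfs_init() while the function being changed is init_binderfs().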