authorPiazza Lo <piazza.lo@mediatek.com>2017-10-11 12:13:52 +0800
committerPiazza Lo <piazza.lo@mediatek.com>2017-10-11 12:13:52 +0800
commit96c3558fc7a3b997ff90b6b0108c6d04958d8ab2 (patch)
treee8b2eee01d41f7719ff982cd3a40bd5eb1887939
parent4eda6aafbde6453abae3a8bc290ec1a042f78963 (diff)
Security Patch: mt_idle: avoid sscanf heap overflow
[Detail] To add buffer size limitation in sscanf(%s) M-ALPS03353869 CVE-2017-0827 BUG:65994220 Change-Id: Icebd9e86ca533dcd5425ed89c0488a64ed921f75 Signed-off-by: Piazza Lo <piazza.lo@mediatek.com>
-rw-r--r--arch/arm/mach-mt2601/mt_idle.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/arch/arm/mach-mt2601/mt_idle.c b/arch/arm/mach-mt2601/mt_idle.c
index f789fdd3268a..2d5bfb9c53c2 100644
--- a/arch/arm/mach-mt2601/mt_idle.c
+++ b/arch/arm/mach-mt2601/mt_idle.c
@@ -717,7 +717,7 @@ static ssize_t mcidle_state_store(struct kobject *kobj,
char cmd[32];
int param;
- if (sscanf(buf, "%s %d", cmd, &param) == 2) {
+ if (sscanf(buf, "%31s %d", cmd, &param) == 2) {
if (!strcmp(cmd, "mcdle")) {
idle_switch[IDLE_TYPE_MC] = param;
} else if (!strcmp(cmd, "enable")) {
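Review bot: The width `31` in the new format string is tied to `char cmd[32]` only by hand, so a later change to the array size would silently reintroduce the overflow this patch closes. A short comment on the sscanf line, e.g. `/* width must stay sizeof(cmd) - 1 */`, or a `BUILD_BUG_ON(sizeof(cmd) != 32);` after the declarations would make the coupling explicit and checkable. The same applies to the sscanf calls in dpidle_state_store, rgidle_state_store and idle_state_store; the hunks for the latter two do not show the declaration of `cmd` at all, so its size there should be confirmed. The body of mcidle_state_store continues outside the hunk.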
@@ -783,7 +783,7 @@ static ssize_t dpidle_state_store(struct kobject *kobj,
char cmd[32];
int param;
- if (sscanf(buf, "%s %d", cmd, &param) == 2) {
+ if (sscanf(buf, "%31s %d", cmd, &param) == 2) {
if (!strcmp(cmd, "dpidle")) {
idle_switch[IDLE_TYPE_DP] = param;
} else if (!strcmp(cmd, "enable")) {
@@ -830,7 +830,7 @@ static ssize_t rgidle_state_store(struct kobject *kobj,
int param;
if(n < 32) {
- if (sscanf(buf, "%s %d", cmd, &param) == 2) {
+ if (sscanf(buf, "%31s %d", cmd, &param) == 2) {
if (!strcmp(cmd, "rgidle")) {
idle_switch[IDLE_TYPE_RG] = param;
}
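Review bot: The pre-existing `if(n < 32)` guard around the sscanf now overlaps with the `%31s` width and leaves rgidle_state_store behaving differently from the other three store handlers: a write of 32 bytes or more is skipped without being parsed, and whether the caller gets an error for it is not visible in this hunk. Consider dropping the guard so all four handlers parse input the same way, or keeping it with a comment such as `/* legacy length check; %31s already bounds the copy into cmd */`. The declaration of `cmd` and the end of the function are outside the hunk, so this assumes `cmd` is at least 32 bytes as in the other handlers.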
@@ -896,7 +896,7 @@ static ssize_t idle_state_store(struct kobject *kobj,
int idx;
int param;
- if (sscanf(buf, "%s %x", cmd, &param) == 2) {
+ if (sscanf(buf, "%31s %x", cmd, &param) == 2) {
if (!strcmp(cmd, "switch")) {
for (idx = 0; idx < NR_TYPES; idx++) {
#ifndef SPM_MCDI_FUNC
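Review bot: `%x` in the new format string stores through an `unsigned int *`, but `param` is declared `int` just above, so the argument type does not match the conversion. Declaring it as `unsigned int param;` would fix this, provided the rest of the function, which lies outside the hunk, treats the value as a bit mask, as the loop over `NR_TYPES` suggests. The declaration of `cmd` is also outside the hunk, so the `31` width relies on it being at least 32 bytes.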