[PATCH 1/1] v4l: Check pad arguments for [gs]_frame

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 1/1] v4l: Check pad arguments for [gs]_frame_interval
@ 2014-03-31  8:23 Sakari Ailus
  2014-05-23  9:24 ` Laurent Pinchart
  0 siblings, 1 reply; 3+ messages in thread
From: Sakari Ailus @ 2014-03-31  8:23 UTC (permalink / raw)
  To: linux-media

VIDIOC_SUBDEV_[GS]_FRAME_INTERVAL IOCTLs argument structs contain the pad
field but the validity check was missing. There should be no implications
security-wise from this since no driver currently uses the pad field in the
struct.

Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
---
 drivers/media/v4l2-core/v4l2-subdev.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/drivers/media/v4l2-core/v4l2-subdev.c b/drivers/media/v4l2-core/v4l2-subdev.c
index aea84ac..0ed4c5b 100644
--- a/drivers/media/v4l2-core/v4l2-subdev.c
+++ b/drivers/media/v4l2-core/v4l2-subdev.c
@@ -305,11 +305,23 @@ static long subdev_do_ioctl(struct file *file, unsigned int cmd, void *arg)
 					fse);
 	}
 
-	case VIDIOC_SUBDEV_G_FRAME_INTERVAL:
+	case VIDIOC_SUBDEV_G_FRAME_INTERVAL: {
+		struct v4l2_subdev_frame_interval *fi = arg;
+
+		if (fi->pad >= sd->entity.num_pads)
+			return -EINVAL;
+
 		return v4l2_subdev_call(sd, video, g_frame_interval, arg);
+	}
+
+	case VIDIOC_SUBDEV_S_FRAME_INTERVAL: {
+		struct v4l2_subdev_frame_interval *fi = arg;
+
+		if (fi->pad >= sd->entity.num_pads)
+			return -EINVAL;
 
-	case VIDIOC_SUBDEV_S_FRAME_INTERVAL:
 		return v4l2_subdev_call(sd, video, s_frame_interval, arg);
+	}
 
 	case VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL: {
 		struct v4l2_subdev_frame_interval_enum *fie = arg;
-- 
1.8.3.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH 1/1] v4l: Check pad arguments for [gs]_frame_interval
  2014-03-31  8:23 [PATCH 1/1] v4l: Check pad arguments for [gs]_frame_interval Sakari Ailus
@ 2014-05-23  9:24 ` Laurent Pinchart
  2014-05-23  9:40   ` Sakari Ailus
  0 siblings, 1 reply; 3+ messages in thread
From: Laurent Pinchart @ 2014-05-23  9:24 UTC (permalink / raw)
  To: Sakari Ailus; +Cc: linux-media

Hi Sakari,

Thank you for the patch.

On Monday 31 March 2014 11:23:08 Sakari Ailus wrote:
> VIDIOC_SUBDEV_[GS]_FRAME_INTERVAL IOCTLs argument structs contain the pad
> field but the validity check was missing. There should be no implications
> security-wise from this since no driver currently uses the pad field in the
> struct.
> 
> Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>

Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>

> ---
>  drivers/media/v4l2-core/v4l2-subdev.c | 16 ++++++++++++++--
>  1 file changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/media/v4l2-core/v4l2-subdev.c
> b/drivers/media/v4l2-core/v4l2-subdev.c index aea84ac..0ed4c5b 100644
> --- a/drivers/media/v4l2-core/v4l2-subdev.c
> +++ b/drivers/media/v4l2-core/v4l2-subdev.c
> @@ -305,11 +305,23 @@ static long subdev_do_ioctl(struct file *file,
> unsigned int cmd, void *arg) fse);
>  	}
> 
> -	case VIDIOC_SUBDEV_G_FRAME_INTERVAL:
> +	case VIDIOC_SUBDEV_G_FRAME_INTERVAL: {
> +		struct v4l2_subdev_frame_interval *fi = arg;
> +
> +		if (fi->pad >= sd->entity.num_pads)
> +			return -EINVAL;
> +
>  		return v4l2_subdev_call(sd, video, g_frame_interval, arg);
> +	}
> +
> +	case VIDIOC_SUBDEV_S_FRAME_INTERVAL: {
> +		struct v4l2_subdev_frame_interval *fi = arg;
> +
> +		if (fi->pad >= sd->entity.num_pads)
> +			return -EINVAL;
> 
> -	case VIDIOC_SUBDEV_S_FRAME_INTERVAL:
>  		return v4l2_subdev_call(sd, video, s_frame_interval, arg);
> +	}
> 
>  	case VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL: {
>  		struct v4l2_subdev_frame_interval_enum *fie = arg;

-- 
Regards,

Laurent Pinchart


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 1/1] v4l: Check pad arguments for [gs]_frame_interval
  2014-05-23  9:24 ` Laurent Pinchart
@ 2014-05-23  9:40   ` Sakari Ailus
  0 siblings, 0 replies; 3+ messages in thread
From: Sakari Ailus @ 2014-05-23  9:40 UTC (permalink / raw)
  To: Laurent Pinchart; +Cc: linux-media

Laurent Pinchart wrote:
> Hi Sakari,
>
> Thank you for the patch.
>
> On Monday 31 March 2014 11:23:08 Sakari Ailus wrote:
>> VIDIOC_SUBDEV_[GS]_FRAME_INTERVAL IOCTLs argument structs contain the pad
>> field but the validity check was missing. There should be no implications
>> security-wise from this since no driver currently uses the pad field in the
>> struct.
>>
>> Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
>
> Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>

Mauro has already pulled the set which this patch was a part of. Good 
that no problems were found. Thanks. :-)

-- 
Sakari Ailus
sakari.ailus@linux.intel.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2014-05-23  9:40 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-03-31  8:23 [PATCH 1/1] v4l: Check pad arguments for [gs]_frame_interval Sakari Ailus
2014-05-23  9:24 ` Laurent Pinchart
2014-05-23  9:40   ` Sakari Ailus

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.