[PATCH v2 2/2] binder: Validate the default binderfs device names.

Hridya Valsaraju Tue, 06 Aug 2019 11:41:42 -0700

Length of a binderfs device name cannot exceed BINDERFS_MAX_NAME.
This patch adds a check in binderfs_init() to ensure the same
for the default binder devices that will be created in every
binderfs instance.


Co-developed-by: Christian Brauner <christian.brau...@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
Signed-off-by: Hridya Valsaraju <hri...@google.com>
---
 drivers/android/binderfs.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c
index 886b4e0f482f..52c8bd361906 100644
--- a/drivers/android/binderfs.c
+++ b/drivers/android/binderfs.c
@@ -572,6 +572,18 @@ static struct file_system_type binder_fs_type = {
 int __init init_binderfs(void)
 {
        int ret;
+       const char *name;
+       size_t len;
+
+       /* Verify that the default binderfs device names are valid. */
+       name = binder_devices_param;
+       for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) {
+               if (len > BINDERFS_MAX_NAME)
+                       return -E2BIG;
+               name += len;
+               if (*name == ',')
+                       name++;
+       }
 
        /* Allocate new major number for binderfs. */
        ret = alloc_chrdev_region(&binderfs_dev, 0, BINDERFS_MAX_MINOR,
-- 
2.22.0.770.g0f2c4a37fd-goog

[PATCH v2 2/2] binder: Validate the default binderfs device names.

Reply via email to