UPSTREAM: binder: check for overflow when alloc for security context
authorTodd Kjos <tkjos@android.com>
Wed, 24 Apr 2019 19:31:18 +0000 (12:31 -0700)
committerJan Altensen <info@stricted.net>
Tue, 15 Oct 2019 12:36:06 +0000 (08:36 -0400)
commiteac842e2a1a24d84ea8aca4e504346715fec3674
tree319aa1f62ef181649c50a8ee6be7c116f2f10dc4
parente6b1105e27317b97ff0dbf4104f081767e742fee
UPSTREAM: binder: check for overflow when alloc for security context

commit 0b0509508beff65c1d50541861bc0d4973487dc5 upstream.

When allocating space in the target buffer for the security context,
make sure the extra_buffers_size doesn't overflow. This can only
happen if the given size is invalid, but an overflow can turn it
into a valid size. Fail the transaction if an overflow is detected.

Bug: 130571081
Change-Id: Ibaec652d2073491cc426a4a24004a848348316bf
Signed-off-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/android/binder.c