Fix "Elevation of privilege vulnerability in MediaTek Hardware Sensor Driver"

CVE-2017-0517
author: fire855 <thefire855@gmail.com> 2017-04-08 20:41:24 +0200
committer: Mister Oyster <oysterized@gmail.com> 2017-05-28 17:57:33 +0200
commit: 85e2cf69caea06a776ad9a44d50e7e33f00be664 (patch)
tree: 82b6259c67bd7d2c857352988bb88316d85fb891
parent: 0cf7477e492f574470607c6326431f70518cd2c6 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/misc/mediatek/hwmon/hwmsen/hwmsen_dev.c b/drivers/misc/mediatek/hwmon/hwmsen/hwmsen_dev.c
index dcc8a7d74..1c901b8f7 100644
--- a/drivers/misc/mediatek/hwmon/hwmsen/hwmsen_dev.c
+++ b/drivers/misc/mediatek/hwmon/hwmsen/hwmsen_dev.c
@@ -602,7 +602,7 @@ static int hwmsen_enable(struct hwmdev_object *obj, int sensor, int enable)
 
 	sensor_type = 1 << sensor;
 
-	if (sensor > MAX_ANDROID_SENSOR_NUM) {
+	if (sensor > MAX_ANDROID_SENSOR_NUM || sensor < 0) {
 	    HWM_ERR("handle %d!\n", sensor);
 	    return -EINVAL;
 	}
@@ -728,7 +728,7 @@ static int hwmsen_enable_nodata(struct hwmdev_object *obj, int sensor, int enabl
 	HWM_FUN(f);
 	sensor_type = 1 << sensor;
 
-	if (sensor > MAX_ANDROID_SENSOR_NUM) {
+	if (sensor > MAX_ANDROID_SENSOR_NUM || sensor < 0) {
 	    HWM_ERR("handle %d!\n", sensor);
 	    return -EINVAL;
 	}
author	fire855 <thefire855@gmail.com>	2017-04-08 20:41:24 +0200
committer	Mister Oyster <oysterized@gmail.com>	2017-05-28 17:57:33 +0200
commit	85e2cf69caea06a776ad9a44d50e7e33f00be664 (patch)
tree	82b6259c67bd7d2c857352988bb88316d85fb891
parent	0cf7477e492f574470607c6326431f70518cd2c6 (diff)