From 85e2cf69caea06a776ad9a44d50e7e33f00be664 Mon Sep 17 00:00:00 2001
From: fire855 <thefire855@gmail.com>
Date: Sat, 8 Apr 2017 20:41:24 +0200
Subject: Fix "Elevation of privilege vulnerability in MediaTek Hardware Sensor
 Driver"

CVE-2017-0517
---
 drivers/misc/mediatek/hwmon/hwmsen/hwmsen_dev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/misc/mediatek/hwmon/hwmsen/hwmsen_dev.c b/drivers/misc/mediatek/hwmon/hwmsen/hwmsen_dev.c
index dcc8a7d74..1c901b8f7 100644
--- a/drivers/misc/mediatek/hwmon/hwmsen/hwmsen_dev.c
+++ b/drivers/misc/mediatek/hwmon/hwmsen/hwmsen_dev.c
@@ -602,7 +602,7 @@ static int hwmsen_enable(struct hwmdev_object *obj, int sensor, int enable)
 
 	sensor_type = 1 << sensor;
 
-	if (sensor > MAX_ANDROID_SENSOR_NUM) {
+	if (sensor > MAX_ANDROID_SENSOR_NUM || sensor < 0) {
 	    HWM_ERR("handle %d!\n", sensor);
 	    return -EINVAL;
 	}
@@ -728,7 +728,7 @@ static int hwmsen_enable_nodata(struct hwmdev_object *obj, int sensor, int enabl
 	HWM_FUN(f);
 	sensor_type = 1 << sensor;
 
-	if (sensor > MAX_ANDROID_SENSOR_NUM) {
+	if (sensor > MAX_ANDROID_SENSOR_NUM || sensor < 0) {
 	    HWM_ERR("handle %d!\n", sensor);
 	    return -EINVAL;
 	}
-- 
cgit v1.2.3