From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
strcat will attempt to append the 2 strings but it assumes the
destination is big enough to hold the result.
---
tools/hciattach.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/hciattach.c b/tools/hciattach.c
index 4dc5be5..59a76a7 100644
--- a/tools/hciattach.c
+++ b/tools/hciattach.c
@@ -1358,6 +1358,12 @@ int main(int argc, char *argv[])
dev[0] = 0;
if (!strchr(opt, '/'))
strcpy(dev, "/dev/");
+
+ if (strlen(opt) > PATH_MAX - (strlen(dev) + 1)) {
+ fprintf(stderr, "Invalid serial device\n");
+ exit(1);
+ }
+
strcat(dev, opt);
break;
--
2.4.3
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
