Hi, > -----Original Message----- > From: linux-usb-owner@xxxxxxxxxxxxxxx [mailto:linux-usb- > owner@xxxxxxxxxxxxxxx] On Behalf Of philippedeswert@xxxxxxxxx > Sent: Friday, May 09, 2014 2:51 PM > To: philippedeswert@xxxxxxxxx; linux-usb@xxxxxxxxxxxxxxx; > mporter@xxxxxxxxxx > Cc: Philippe De Swert > Subject: [PATCH 2/3] libusbg: Fix buffer overrun issue. CID#56128 > > From: Philippe De Swert <philippe.deswert@xxxxxxxxxxxxxxx> > > Avoid calling usbg_read_string with a 40 byte long buffer, which in > turn is filled in > by usbg_read_buf which uses a maximum of USBG_MAX_LENGTH which is > 256 bytes. > > Signed-off-by: Philippe De Swert <philippe.deswert@xxxxxxxxxxxxxxx> > --- > src/usbg.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/usbg.c b/src/usbg.c > index c226731..e7eee69 100644 > --- a/src/usbg.c > +++ b/src/usbg.c > @@ -681,7 +681,7 @@ static int > usbg_parse_function_net_attrs(usbg_function *f, > usbg_function_attrs *f_attrs) > { > struct ether_addr *addr; > - char str_addr[40]; > + char str_addr[USBG_MAX_PATH_LENGTH]; USBG_MAX_PATH_LENGTH is 4096, maybe use USBG_MAX_STR_LENGTH which is 256 instead? Moreover usbg_read_buf() uses USBG_MAX_STR_LENGTH constant in fgets() to read file content. -- BR's Krzysztof Opasiak -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
