> -----Original Message----- > From: linux-usb-owner@xxxxxxxxxxxxxxx [mailto:linux-usb- > owner@xxxxxxxxxxxxxxx] On Behalf Of philippedeswert@xxxxxxxxx > Sent: Saturday, May 24, 2014 7:29 PM > To: philippedeswert@xxxxxxxxx; linux-usb@xxxxxxxxxxxxxxx > Subject: [PATCH v3 1/4] libusbg: Fix readlink/buffer overrun issue. > CID#56130, CID#56129 > > From: Philippe De Swert <philippe.deswert@xxxxxxxxxxxxxxx> > > Readlink() can return the total length of the buffer (here > 4096/USBG_MAX_PATH_LENGTH), > so we do not want to dereference target[4096] as that would give an > off by one error. > > Signed-off-by: Philippe De Swert <philippe.deswert@xxxxxxxxxxxxxxx> Reviewed-by: Krzysztof Opasiak <k.opasiak@xxxxxxxxxxx> > --- > src/usbg.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/usbg.c b/src/usbg.c > index d73943c..5d9c083 100644 > --- a/src/usbg.c > +++ b/src/usbg.c > @@ -850,7 +850,7 @@ static int > usbg_parse_config_binding(usbg_config *c, char *bpath, > usbg_function *f; > usbg_binding *b; > > - nmb = readlink(bpath, target, sizeof(target)); > + nmb = readlink(bpath, target, sizeof(target) - 1 ); > if (nmb < 0) { > ret = usbg_translate_error(errno); > goto out; > -- > 1.8.1.2 > > -- > To unsubscribe from this list: send the line "unsubscribe linux- > usb" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
