> -----Original Message-----
> From: linux-usb-ow...@vger.kernel.org [mailto:linux-usb-
> ow...@vger.kernel.org] On Behalf Of philippedesw...@gmail.com
> Sent: Saturday, May 24, 2014 7:29 PM
> To: philippedesw...@gmail.com; linux-usb@vger.kernel.org
> Subject: [PATCH v3 1/4] libusbg: Fix readlink/buffer overrun issue.
> CID#56130, CID#56129
>
> From: Philippe De Swert <philippe.desw...@jollamobile.com>
>
> Readlink() can return the total length of the buffer (here
> 4096/USBG_MAX_PATH_LENGTH),
> so we do not want to dereference target[4096] as that would give an
> off by one error.
>
> Signed-off-by: Philippe De Swert <philippe.desw...@jollamobile.com>
Reviewed-by: Krzysztof Opasiak <k.opas...@samsung.com>
> ---
> src/usbg.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/usbg.c b/src/usbg.c
> index d73943c..5d9c083 100644
> --- a/src/usbg.c
> +++ b/src/usbg.c
> @@ -850,7 +850,7 @@ static int
> usbg_parse_config_binding(usbg_config *c, char *bpath,
> usbg_function *f;
> usbg_binding *b;
>
> - nmb = readlink(bpath, target, sizeof(target));
> + nmb = readlink(bpath, target, sizeof(target) - 1 );
> if (nmb < 0) {
> ret = usbg_translate_error(errno);
> goto out;
> --
> 1.8.1.2
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-
> usb" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
