lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 22 Dec 2013 22:47:15 +0500
From:	"Zubair Lutfullah :" <zubair.lutfullah@...il.com>
To:	jic23@...nel.org
Cc:	linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: iio_utils.h bug?

Hi,

A guy posted this fix on my blog. I couldn't make sense of it.

Thought I'd post it here. I'll send a proper patch file if 
I knew what commit log I needed to write.
And I can't exactly sign-off :s.

I asked him to post but he couldn't/wouldn't.

Regards
ZubairLK


"Defend against buffer overflow of ci_array:

 code always overwrites one entry beyond end of array, now fixed
--Craig Markwardt"

iio_utils.h

@@ -335,6 +335,7 @@ inline int build_channel_array(const char *device_dir,
   while (ent = readdir(dp), ent != NULL) {
     if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"),
          "_en") == 0) {
+      int current_enabled = 0;
       current = &(*ci_array)[count++];
       ret = asprintf(&filename,
                "%s/%s", scan_el_dir, ent->d_name);
       if (ret < 0) {
         ret = -ENOMEM;
         /* decrement count to avoid freeing name */
         count--;
         goto error_cleanup_array;
       }

       sysfsfp = fopen(filename, "r");

       if (sysfsfp == NULL) {
         free(filename);
         ret = -errno;
         goto error_cleanup_array;
       }

-      fscanf(sysfsfp, "%u", &current->enabled);
+      fscanf(sysfsfp, "%u", &current_enabled);
       fclose(sysfsfp);

-      if (!current->enabled) {
+      if (!current_enabled) {
         free(filename);
         count--;
         continue;
       }
+      current->enabled = current_enabled;
       current->scale = 1.0;
       current->offset = 0;
       current->name = strndup(ent->d_name,
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ