From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Tue, 28 Oct 2014 01:52:38 +0000 (-0400)
Subject: cdrom_id: do not attempt to read past end of buffer
X-Git-Tag: v217~35
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=3fcd09602c0dfff8c0fafe6c4f9bba6b0fd72c30;p=elogind.git

cdrom_id: do not attempt to read past end of buffer

CID #1238437
---

diff --git a/src/udev/cdrom_id/cdrom_id.c b/src/udev/cdrom_id/cdrom_id.c
index c93a7bf8d..7a4b98726 100644
--- a/src/udev/cdrom_id/cdrom_id.c
+++ b/src/udev/cdrom_id/cdrom_id.c
@@ -606,7 +606,7 @@ static int cd_profiles(struct udev *udev, int fd)
                 switch (feature) {
                 case 0x00:
                         log_debug("GET CONFIGURATION: feature 'profiles', with %i entries", features[i+3] / 4);
-                        feature_profiles(udev, &features[i]+4, features[i+3]);
+                        feature_profiles(udev, &features[i]+4, MIN(features[i+3], len - i - 4));
                         break;
                 default:
                         log_debug("GET CONFIGURATION: feature 0x%04x <ignored>, with 0x%02x bytes", feature, features[i+3]);