chiark / gitweb /
udev: properly calculate size of remaining data
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sat, 14 Mar 2015 02:22:02 +0000 (21:22 -0500)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sat, 14 Mar 2015 03:42:17 +0000 (23:42 -0400)
The data comes from the kernel, so chances of it being
garbled are low, but for correctness' sake, add the check.

CID #996458.

src/udev/udev-builtin-usb_id.c

index 6516d93..e6c27a9 100644 (file)
@@ -150,18 +150,18 @@ static int dev_if_packed_info(struct udev_device *dev, char *ifs_str, size_t len
         _cleanup_close_ int fd = -1;
         ssize_t size;
         unsigned char buf[18 + 65535];
-        int pos = 0;
+        size_t pos = 0;
         unsigned strpos = 0;
         struct usb_interface_descriptor {
-                uint8_t        bLength;
-                uint8_t        bDescriptorType;
-                uint8_t        bInterfaceNumber;
-                uint8_t        bAlternateSetting;
-                uint8_t        bNumEndpoints;
-                uint8_t        bInterfaceClass;
-                uint8_t        bInterfaceSubClass;
-                uint8_t        bInterfaceProtocol;
-                uint8_t        iInterface;
+                uint8_t bLength;
+                uint8_t bDescriptorType;
+                uint8_t bInterfaceNumber;
+                uint8_t bAlternateSetting;
+                uint8_t bNumEndpoints;
+                uint8_t bInterfaceClass;
+                uint8_t bInterfaceSubClass;
+                uint8_t bInterfaceProtocol;
+                uint8_t iInterface;
         } _packed_;
 
         if (asprintf(&filename, "%s/descriptors", udev_device_get_syspath(dev)) < 0)
@@ -178,7 +178,9 @@ static int dev_if_packed_info(struct udev_device *dev, char *ifs_str, size_t len
                 return -EIO;
 
         ifs_str[0] = '\0';
-        while (pos < size && strpos+7 < len-2) {
+        while (pos + sizeof(struct usb_interface_descriptor) < (size_t) size &&
+               strpos + 7 < len - 2) {
+
                 struct usb_interface_descriptor *desc;
                 char if_str[8];