chiark / gitweb /
sd-id128: check that the kernel is feeding us proper data
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 3 Apr 2013 20:58:16 +0000 (16:58 -0400)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 5 Apr 2013 04:17:35 +0000 (00:17 -0400)
The characters are already checked, so we show that
we don't trust the kernel. Make sure we don't overrun
the buffer too.

src/libsystemd-id128/sd-id128.c

index 4286ae7..68c4987 100644 (file)
@@ -170,6 +170,9 @@ _public_ int sd_id128_get_boot(sd_id128_t *ret) {
         for (j = 0, p = buf; j < 16; j++) {
                 int a, b;
 
         for (j = 0, p = buf; j < 16; j++) {
                 int a, b;
 
+                if (p >= buf + k)
+                        return -EIO;
+
                 if (*p == '-')
                         p++;
 
                 if (*p == '-')
                         p++;