chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
91554cf
)
scsi_id: prevent buffer overflow in check_fill_0x83_prespc3()
author
Harald Hoyer
<harald@redhat.com>
Wed, 16 Sep 2009 15:42:15 +0000
(17:42 +0200)
committer
Kay Sievers
<kay.sievers@vrfy.org>
Wed, 16 Sep 2009 22:06:03 +0000
(
00:06
+0200)
see https://bugzilla.redhat.com/show_bug.cgi?id=516920
extras/scsi_id/scsi_serial.c
patch
|
blob
|
history
diff --git
a/extras/scsi_id/scsi_serial.c
b/extras/scsi_id/scsi_serial.c
index 92359122d838413992490cf2abc1f9a796c3e43b..ab0ffd62aaa963c28dd542a3ee0e3b81d22f4f51 100644
(file)
--- a/
extras/scsi_id/scsi_serial.c
+++ b/
extras/scsi_id/scsi_serial.c
@@
-578,11
+578,12
@@
static int check_fill_0x83_prespc3(struct udev *udev,
/* serial has been memset to zero before */
j = strlen(serial); /* j = 1; */
- for (i = 0;
i < page_83[3]
; ++i) {
+ for (i = 0;
(i < page_83[3]) && (j < max_len-3)
; ++i) {
serial[j++] = hex_str[(page_83[4+i] & 0xf0) >> 4];
serial[j++] = hex_str[ page_83[4+i] & 0x0f];
}
- strcpy(serial_short, serial);
+ serial[max_len-1] = 0;
+ strncpy(serial_short, serial, max_len-1);
return 0;
}