On Fri, May 03, 2002 at 06:19:39PM +1000, Brad Hards wrote:
> On Fri, 3 May 2002 17:23, Vojtech Pavlik wrote:
> > We can either fix it by changing the numbers to fit (but this is always
> > prone to similar bugs caused by changing the strings only), or changing
> > back to snprintf.
> OK, I'll use snprintf in the 2.4 backport, and leave 2.5 to you.
I think for 2.5 snprintf is OK as well. Here is a patch - Greg, please
apply.
--
Vojtech Pavlik
SuSE Labs
You can import this changeset into BK by piping this whole message to:
'| bk receive [path to repository]' or apply the patch as usual.
===================================================================
[EMAIL PROTECTED], 2002-05-03 13:20:27+02:00, [EMAIL PROTECTED]
This fixes a possible buffer overflow in hid-core.c in case a
device would have very long string descriptors (vendor and device
name.)
hid-core.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff -Nru a/drivers/usb/input/hid-core.c b/drivers/usb/input/hid-core.c
--- a/drivers/usb/input/hid-core.c Fri May 3 13:20:50 2002
+++ b/drivers/usb/input/hid-core.c Fri May 3 13:20:50 2002
@@ -1396,12 +1396,12 @@
if (usb_string(dev, dev->descriptor.iManufacturer, buf, 64) > 0) {
strcat(hid->name, buf);
if (usb_string(dev, dev->descriptor.iProduct, buf, 64) > 0)
- sprintf(hid->name, "%s %s", hid->name, buf);
+ snprintf(hid->name, 64, "%s %s", hid->name, buf);
} else
- sprintf(hid->name, "%04x:%04x", dev->descriptor.idVendor,
dev->descriptor.idProduct);
+ snprintf(hid->name, 64, "%04x:%04x", dev->descriptor.idVendor,
+dev->descriptor.idProduct);
- usb_make_path(dev, buf, 63);
- sprintf(hid->phys, "%s/input%d", buf, ifnum);
+ usb_make_path(dev, buf, 64);
+ snprintf(hid->phys, 64, "%s/input%d", buf, ifnum);
if (usb_string(dev, dev->descriptor.iSerialNumber, hid->uniq, 64) <= 0)
hid->uniq[0] = 0;
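Review bot: In the iProduct branch, snprintf(hid->name, 64, "%s %s", hid->name, buf) passes hid->name as both the destination and a source argument, so the result depends on the formatter tolerating overlapping buffers. Appending at hid->name + strlen(hid->name) with the remaining length as the bound would avoid that. The strcat(hid->name, buf) just above it is unchanged and still unbounded, so it relies on hid->name being empty at that point and on buf never exceeding the 64 passed to usb_string. The literal 64 is repeated in every call while the declared sizes of hid->name and hid->phys are not visible in this hunk; sizeof(hid->name) and sizeof(hid->phys) would keep the bound tied to the declarations, which is the "changing the strings only" failure mode raised earlier in the thread. Finally, usb_make_path(dev, buf, 64) can now fill the whole bound, so the "/input%d" suffix written to hid->phys can be truncated away silently. Either reserve room for the suffix when building the path or check for truncation.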
===================================================================
This BitKeeper patch contains the following changesets:
+