ChangeSet 1.2050, 2005/02/03 01:41:15-08:00, [EMAIL PROTECTED]

[PATCH] USB: hid-core: possible buffer overflow in hid-core.c

Peter Bartosch wrote:
> Hello all,
>
>
> I think I found a possible buffer overflow in hid-core (2.6.10-rc2):

Agreed, and sorry it took so long to reply/patch this.
(from 2004-DEC-01)

> When I interpret this code right, the buffer (buf) will overflow when
> the iManufacturer stringlength is 0 and the iProduct stringlength
> is > 64!

Thanks, here's a patch for it.

Fix potential buffer overflow (by a device descriptor):
buf size is only 64 bytes.

Signed-off-by: Randy Dunlap <[EMAIL PROTECTED]>
Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>


 drivers/usb/input/hid-core.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)


diff -Nru a/drivers/usb/input/hid-core.c b/drivers/usb/input/hid-core.c
--- a/drivers/usb/input/hid-core.c      2005-02-03 08:44:30 -08:00
+++ b/drivers/usb/input/hid-core.c      2005-02-03 08:44:30 -08:00
@@ -1740,7 +1740,7 @@
                strcat(hid->name, buf);
                if (usb_string(dev, dev->descriptor.iProduct, buf, 64) > 0)
                        snprintf(hid->name, 64, "%s %s", hid->name, buf);
-       } else if (usb_string(dev, dev->descriptor.iProduct, buf, 128) > 0) {
+       } else if (usb_string(dev, dev->descriptor.iProduct, buf, 64) > 0) {
                        snprintf(hid->name, 128, "%s", buf);
        } else
                snprintf(hid->name, 128, "%04x:%04x", 
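
Review bot: the corrected usb_string() call in the else-if branch still passes the buffer length as the literal 64, which is the same pattern that let the 128 drift away from the real size of buf in the first place. Since the commit message says buf is only 64 bytes, pass sizeof(buf) (if buf is a local array) or one shared constant at every usb_string() call so the bound cannot diverge from the declaration again. In the unchanged context of the same hunk, snprintf(hid->name, 64, "%s %s", hid->name, buf) uses hid->name as both destination and source, which is undefined for overlapping objects, and it limits hid->name to 64 while the other two branches use 128; the strcat(hid->name, buf) before it has no bound at all. Those lines deserve a follow-up that builds the name with a single bounded write.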


