Module Name: src Committed By: jakllsch Date: Sun Mar 17 20:10:52 UTC 2024
Modified Files: src/sys/dev/usb: ucycom.c Log Message: Prevent errant ucycom-presenting device from causing up to 225 bytes of kernel memory following input buffer to leak to tty application. Probably not practically expolitable, but you never know. To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 src/sys/dev/usb/ucycom.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/dev/usb/ucycom.c diff -u src/sys/dev/usb/ucycom.c:1.56 src/sys/dev/usb/ucycom.c:1.57 --- src/sys/dev/usb/ucycom.c:1.56 Wed Oct 26 23:50:28 2022 +++ src/sys/dev/usb/ucycom.c Sun Mar 17 20:10:52 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: ucycom.c,v 1.56 2022/10/26 23:50:28 riastradh Exp $ */ +/* $NetBSD: ucycom.c,v 1.57 2024/03/17 20:10:52 jakllsch Exp $ */ /* * Copyright (c) 2005 The NetBSD Foundation, Inc. @@ -38,7 +38,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ucycom.c,v 1.56 2022/10/26 23:50:28 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ucycom.c,v 1.57 2024/03/17 20:10:52 jakllsch Exp $"); #ifdef _KERNEL_OPT #include "opt_usb.h" @@ -978,6 +978,7 @@ ucycom_intr(void *cookie, void *ibuf, u_ st = cp[0]; n = cp[1]; cp += 2; + n = uimin(n, 30); break; default: