Module Name:    src
Committed By:   jakllsch
Date:           Sun Mar 17 20:10:52 UTC 2024

Modified Files:
        src/sys/dev/usb: ucycom.c

Log Message:
Prevent errant ucycom-presenting device from causing up to 225
bytes of kernel memory following input buffer to leak to tty
application.

Probably not practically exploitable, but you never know.


To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 src/sys/dev/usb/ucycom.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/usb/ucycom.c
diff -u src/sys/dev/usb/ucycom.c:1.56 src/sys/dev/usb/ucycom.c:1.57
--- src/sys/dev/usb/ucycom.c:1.56	Wed Oct 26 23:50:28 2022
+++ src/sys/dev/usb/ucycom.c	Sun Mar 17 20:10:52 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: ucycom.c,v 1.56 2022/10/26 23:50:28 riastradh Exp $	*/
+/*	$NetBSD: ucycom.c,v 1.57 2024/03/17 20:10:52 jakllsch Exp $	*/
 
 /*
  * Copyright (c) 2005 The NetBSD Foundation, Inc.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ucycom.c,v 1.56 2022/10/26 23:50:28 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ucycom.c,v 1.57 2024/03/17 20:10:52 jakllsch Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_usb.h"
@@ -978,6 +978,7 @@ ucycom_intr(void *cookie, void *ibuf, u_
 		st = cp[0];
 		n = cp[1];
 		cp += 2;
+		n = uimin(n, 30);
 		break;
 
 	default:
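Review bot: The limit in `n = uimin(n, 30);` is a bare magic number with no comment, so a reader cannot tell why 30 is the correct bound for the device-supplied length taken from `cp[1]`. It reads like a 32-byte input report minus the two header bytes skipped by `cp += 2`, but that is an inference from this hunk alone. Please use a named constant or derive the bound from the size of the input buffer, and add a one-line comment stating that the length byte comes from the device and is untrusted. Only this case of the switch is visible here, so it is also worth confirming that any other case that takes `n` from the report gets an equivalent clamp.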
