bianbu-repo-mirror/bianbu-linux-6.6
1
0
Fork 0
mirror of https://gitee.com/bianbu-linux/linux-6.6 synced 2025-04-24 14:07:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

usbip: tools: fix atoi() on non-null terminated string

Browse source 
Currently the call to atoi is being passed a single char string
that is not null terminated, so there is a potential read overrun
along the stack when parsing for an integer value.  Fix this by
instead using a 2 char string that is initialized to all zeros
to ensure that a 1 char read into the string is always terminated
with a \0.

Detected by cppcheck:
"Invalid atoi() argument nr 1. A nul-terminated string is required."

Fixes: 3391ba0e27 ("usbip: tools: Extract generic code to be shared with vudc backend")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Colin Ian King 2018-10-16 19:03:43 +01:00 committed by Greg Kroah-Hartman
parent 090158555f
commit e325808c00
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tools/usb/usbip/libsrc/usbip_host_common.c
View file

@ -43,7 +43,7 @@ static int32_t read_attr_usbip_status(struct usbip_usb_device *udev)
int size; int size;
int fd; int fd;
int length; int length;
char status; char status[2] = { 0 };
int value = 0; int value = 0;
size = snprintf(status_attr_path, sizeof(status_attr_path), size = snprintf(status_attr_path, sizeof(status_attr_path),
@ -61,14 +61,14 @@ static int32_t read_attr_usbip_status(struct usbip_usb_device *udev)
return -1; return -1;
} }
length = read(fd, &status, 1); length = read(fd, status, 1);
if (length < 0) { if (length < 0) {
err("error reading attribute %s", status_attr_path); err("error reading attribute %s", status_attr_path);
close(fd); close(fd);
return -1; return -1;
} }
value = atoi(&status); value = atoi(status);
return value; return value;
} }