blob: 96dcd8abac110bf2628e293c048787147270eea2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
From 4b6fe372c68d1ff50e7c161cffadeb298734f49c Mon Sep 17 00:00:00 2001
From: paulhsia <paulhsia@chromium.org>
Date: Sat, 30 Nov 2019 03:35:30 +0800
Subject: [PATCH 1/5] ucm: Use strncmp to avoid access-out-of-boundary
If the length of the identifier is less than the length of the prefix,
access-out-of-boundary will occur in memcmp().
Signed-off-by: paulhsia <paulhsia@chromium.org>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Upstream-Status: Backport
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
---
src/ucm/main.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/ucm/main.c b/src/ucm/main.c
index b0b6ffb3..252e50d9 100644
--- a/src/ucm/main.c
+++ b/src/ucm/main.c
@@ -61,11 +61,13 @@ static int check_identifier(const char *identifier, const char *prefix)
{
int len;
- if (strcmp(identifier, prefix) == 0)
- return 1;
len = strlen(prefix);
- if (memcmp(identifier, prefix, len) == 0 && identifier[len] == '/')
+ if (strncmp(identifier, prefix, len) != 0)
+ return 0;
+
+ if (identifier[len] == 0 || identifier[len] == '/')
return 1;
+
return 0;
}
--
2.20.1
|