* [PATCH] Possible off by one in drivers/parport/probe.c
@ 2004-12-01 17:02 Alexander Nyberg
0 siblings, 0 replies; only message in thread
From: Alexander Nyberg @ 2004-12-01 17:02 UTC (permalink / raw)
To: linux-kernel; +Cc: campbell, tim, Philip.Blundell
Hi!
This fixes a theoretical bug indicated in:
http://bugme.osdl.org/show_bug.cgi?id=240
It prevents overflow in case the required buffer is larger than the passed
buffer. This I found to be the minimally intrusive change.
If anyone could test this change using parport with "IEEE 1284 transfer modes"
(CONFIG_PARPORT_1284) hardware it would be nice.
Signed-off-by: Alexander Nyberg <alexn@dsv.su.se>
===== drivers/parport/probe.c 1.6 vs edited =====
--- 1.6/drivers/parport/probe.c 2004-10-28 09:39:58 +02:00
+++ edited/drivers/parport/probe.c 2004-12-01 17:02:43 +01:00
@@ -164,8 +164,16 @@ ssize_t parport_device_id (int devnum, c
if (retval != 2) goto end_id;
idlen = (length[0] << 8) + length[1] - 2;
- if (idlen < len)
+ /*
+ * Check if the caller-allocated buffer is large enough
+ * otherwise bail out or there will be an at least off by one.
+ */
+ if (idlen + 1 < len)
len = idlen;
+ else {
+ retval = -ENOMEM;
+ goto out;
+ }
retval = parport_read (dev->port, buffer, len);
if (retval != len)
@@ -205,11 +213,12 @@ ssize_t parport_device_id (int devnum, c
buffer[len] = '\0';
parport_negotiate (dev->port, IEEE1284_MODE_COMPAT);
}
- parport_release (dev);
if (retval > 2)
parse_data (dev->port, dev->daisy, buffer);
+out:
+ parport_release (dev);
parport_close (dev);
return retval;
}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2004-12-01 17:02 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-12-01 17:02 [PATCH] Possible off by one in drivers/parport/probe.c Alexander Nyberg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).