This repository has been archived by the owner on Nov 8, 2023. It is now read-only.

Fix buffer overflow in syren utility
Patch for https://code.google.com/p/android/issues/detail?id=68268

A length check for the argv[2] was added in order to prevent buffer
overflow.  Also replace strcpy with strlcpy.

Signed-off-by: nks <nks@sixserv.org>
Change-Id: If65b83e9b658315c672e684f64e3ae00e69fac31
nks0ne authored and colincross committed Apr 13, 2014
1 parent 835526f commit 3967f81
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions toolbox/syren.c
Expand Up @@ -123,15 +123,19 @@ syren_main(int argc, char **argv)

r = find_reg(argv[2]);
if (r == NULL) {
strcpy(name, argv[2]);
if(strlen(argv[2]) >= sizeof(name)){
fprintf(stderr, "REGNAME too long\n");
return 0;
}
strlcpy(name, argv[2], sizeof(name));
char *addr_str = strchr(argv[2], ':');
if (addr_str == NULL)
return usage();
*addr_str++ = 0;
sio.page = strtoul(argv[2], 0, 0);
sio.addr = strtoul(addr_str, 0, 0);
} else {
strcpy(name, r->name);
strlcpy(name, r->name, sizeof(name));
sio.page = r->page;
sio.addr = r->addr;
}
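
Review bot: The new length check in the `r == NULL` branch ends with `return 0;`, so an over-long REGNAME prints an error to stderr but still reports success to the caller; return a non-zero value there, or `return usage();` as the missing-':' case a few lines below does. The check and the copy can also be merged by testing the return value of strlcpy, `if (strlcpy(name, argv[2], sizeof(name)) >= sizeof(name))`, which drops the separate strlen pass, and `if(strlen(argv[2]) >= sizeof(name)){` should follow the spacing of the surrounding `if (r == NULL) {`. The declaration of `name` is outside this hunk, so it is worth confirming that it is an array and not a pointer, since `sizeof(name)` only bounds the copy in the first case.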