| Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 1 | From 4b6fe372c68d1ff50e7c161cffadeb298734f49c Mon Sep 17 00:00:00 2001 |
| 2 | From: paulhsia <paulhsia@chromium.org> |
| 3 | Date: Sat, 30 Nov 2019 03:35:30 +0800 |
| 4 | Subject: [PATCH 1/5] ucm: Use strncmp to avoid access-out-of-boundary |
| 5 | |
| 6 | If the length of the identifier is less than the length of the prefix, |
| 7 | access-out-of-boundary will occur in memcmp(). |
| 8 | |
| 9 | Signed-off-by: paulhsia <paulhsia@chromium.org> |
| 10 | Signed-off-by: Jaroslav Kysela <perex@perex.cz> |
| 11 | |
| 12 | Upstream-Status: Backport |
| 13 | Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> |
| 14 | --- |
| 15 | src/ucm/main.c | 8 +++++--- |
| 16 | 1 file changed, 5 insertions(+), 3 deletions(-) |
| 17 | |
| 18 | diff --git a/src/ucm/main.c b/src/ucm/main.c |
| 19 | index b0b6ffb3..252e50d9 100644 |
| 20 | --- a/src/ucm/main.c |
| 21 | +++ b/src/ucm/main.c |
| 22 | @@ -61,11 +61,13 @@ static int check_identifier(const char *identifier, const char *prefix) |
| 23 | { |
| 24 | int len; |
| 25 | |
| 26 | - if (strcmp(identifier, prefix) == 0) |
| 27 | - return 1; |
| 28 | len = strlen(prefix); |
| 29 | - if (memcmp(identifier, prefix, len) == 0 && identifier[len] == '/') |
| 30 | + if (strncmp(identifier, prefix, len) != 0) |
| 31 | + return 0; |
| 32 | + |
| 33 | + if (identifier[len] == 0 || identifier[len] == '/') |
| 34 | return 1; |
| 35 | + |
| 36 | return 0; |
| 37 | } |
| 38 | |
| 39 | -- |
| 40 | 2.20.1 |
| 41 | |