summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Pitt <martin.pitt@ubuntu.com>2011-03-18 13:56:32 +0100
committerMartin Pitt <martin.pitt@ubuntu.com>2011-03-18 13:56:32 +0100
commit88149f668ea7ac23c61f6d1982db4f4517da763c (patch)
tree0b0433029809ee5ea21ede7ba5f5e51ea16bbea5
parent941c40bdc47d1fdee651558dd0e162cd8d674fab (diff)
input_id: Avoid memory overflow with too long capability masks
Joey Lee <jlee@novell.com> reported a problem on an MSI laptop which reports a too long capabilities/key: E: EV==3 E: KEY==180000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 This is longer than KEY_MAX and thus caused a memory overflow. Guard against this now and just ignore the excess blocks.
-rw-r--r--extras/input_id/input_id.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/extras/input_id/input_id.c b/extras/input_id/input_id.c
index 20191599d1..b2d4a6770a 100644
--- a/extras/input_id/input_id.c
+++ b/extras/input_id/input_id.c
@@ -61,12 +61,18 @@ static void get_cap_mask (struct udev_device *dev, const char* attr,
i = 0;
while ((word = strrchr(text, ' ')) != NULL) {
val = strtoul (word+1, NULL, 16);
- bitmask[i] = val;
+ if (i < bitmask_size/sizeof(unsigned long))
+ bitmask[i] = val;
+ else
+ DBG("Ignoring %s block %lX which is larger than maximum size\n", attr, val);
*word = '\0';
++i;
}
val = strtoul (text, NULL, 16);
- bitmask[i] = val;
+ if (i < bitmask_size/sizeof(unsigned long))
+ bitmask[i] = val;
+ else
+ DBG("Ignoring %s block %lX which is larger than maximum size\n", attr, val);
if (debug) {
/* printf pattern with the right unsigned long number of hex chars */