summaryrefslogtreecommitdiffstats
path: root/tools
diff options
context:
space:
mode:
authorColin Ian King <colin.king@canonical.com>2018-10-16 19:03:43 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-12-01 09:13:41 +0100
commit02322e7a97f9e5a19400901b9e9c978b728129e6 (patch)
tree055e6e8832b3fb8204472ff1f542ef76cbc9c676 /tools
parent1827fafe4887a41246fef1e3876e8a988968d2e9 (diff)
downloadlinux-stable-02322e7a97f9e5a19400901b9e9c978b728129e6.tar.gz
linux-stable-02322e7a97f9e5a19400901b9e9c978b728129e6.tar.bz2
linux-stable-02322e7a97f9e5a19400901b9e9c978b728129e6.zip
usbip: tools: fix atoi() on non-null terminated string
[ Upstream commit e325808c0051b16729ffd472ff887c6cae5c6317 ] Currently the call to atoi is being passed a single char string that is not null terminated, so there is a potential read overrun along the stack when parsing for an integer value. Fix this by instead using a 2 char string that is initialized to all zeros to ensure that a 1 char read into the string is always terminated with a \0. Detected by cppcheck: "Invalid atoi() argument nr 1. A nul-terminated string is required." Fixes: 3391ba0e2792 ("usbip: tools: Extract generic code to be shared with vudc backend") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'tools')
-rw-r--r--tools/usb/usbip/libsrc/usbip_host_common.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/tools/usb/usbip/libsrc/usbip_host_common.c b/tools/usb/usbip/libsrc/usbip_host_common.c
index 6ff7b601f854..f5ad219a324e 100644
--- a/tools/usb/usbip/libsrc/usbip_host_common.c
+++ b/tools/usb/usbip/libsrc/usbip_host_common.c
@@ -43,7 +43,7 @@ static int32_t read_attr_usbip_status(struct usbip_usb_device *udev)
int size;
int fd;
int length;
- char status;
+ char status[2] = { 0 };
int value = 0;
size = snprintf(status_attr_path, sizeof(status_attr_path),
@@ -61,14 +61,14 @@ static int32_t read_attr_usbip_status(struct usbip_usb_device *udev)
return -1;
}
- length = read(fd, &status, 1);
+ length = read(fd, status, 1);
if (length < 0) {
err("error reading attribute %s", status_attr_path);
close(fd);
return -1;
}
- value = atoi(&status);
+ value = atoi(status);
return value;
}