[PATCH u-boot-marvell v3 02/39] tools: kwboot: Fix buffer overflow in kwboot_terminal()

Stefan Roese sr at denx.de
Fri Oct 1 08:14:10 CEST 2021


On 24.09.21 23:06, Marek Behún wrote:
> From: Marek Behún <marek.behun at nic.cz>
> 
> The `in` variable is set to -1 in kwboot_terminal() if stdin is not a
> tty. In this case we should not look whether -1 is set in fd_set, for it
> can lead to a buffer overflow, which can be reproduced with
>    echo "xyz" | ./tools/kwboot -t /dev/ttyUSB0
> 
> Signed-off-by: Marek Behún <marek.behun at nic.cz>

Reviewed-by: Stefan Roese <sr at denx.de>

Thanks,
Stefan

> ---
>   tools/kwboot.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/kwboot.c b/tools/kwboot.c
> index 7feeaa45a2..e6e99849a7 100644
> --- a/tools/kwboot.c
> +++ b/tools/kwboot.c
> @@ -552,7 +552,7 @@ kwboot_terminal(int tty)
>   				break;
>   		}
>   
> -		if (FD_ISSET(in, &rfds)) {
> +		if (in >= 0 && FD_ISSET(in, &rfds)) {
>   			rc = kwboot_term_pipe(in, tty, quit, &s);
>   			if (rc)
>   				break;
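Review bot: the `in >= 0` test added in front of FD_ISSET(in, &rfds) carries no comment, so a reader of kwboot_terminal() has to go back to the commit message to learn that -1 means stdin is not a tty. A one-line comment above the condition would keep the guard from being dropped in a later cleanup. The short-circuit order is the right one, since POSIX leaves FD_ISSET() undefined for a negative descriptor and the range check has to come first. The hunk does not show where `in` is added to rfds or used for the select() nfds argument, so it is worth confirming that those sites are already conditional on `in >= 0`; an FD_SET() with -1 would index outside the fd_set in the same way.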
> 


Best regards,
Stefan

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr at denx.de

