[PATCH u-boot-marvell v2 02/39] tools: kwboot: Fix buffer overflow in kwboot_terminal()
Marek Behún
marek.behun at nic.cz
Tue Sep 7 11:58:00 CEST 2021
The `in` variable is set to -1 in kwboot_terminal() if stdin is not a
tty. In this case we should not look whether -1 is set in fd_set, for it
can lead to a buffer overflow, which can be reproduced with
echo "xyz" | ./tools/kwboot -t /dev/ttyUSB0
Signed-off-by: Marek Behún <marek.behun at nic.cz>
---
tools/kwboot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/kwboot.c b/tools/kwboot.c
index 7feeaa45a2..e6e99849a7 100644
--- a/tools/kwboot.c
+++ b/tools/kwboot.c
@@ -552,7 +552,7 @@ kwboot_terminal(int tty)
break;
}
- if (FD_ISSET(in, &rfds)) {
+ if (in >= 0 && FD_ISSET(in, &rfds)) {
rc = kwboot_term_pipe(in, tty, quit, &s);
if (rc)
break;
--
2.32.0
More information about the U-Boot
mailing list