Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3967f81b authored by nks's avatar nks Committed by Colin Cross
Browse files

Fix buffer overflow in syren utility 

Patch for https://code.google.com/p/android/issues/detail?id=68268



A length check for the argv[2] was added in order to prevent buffer
overflow.  Also replace strcpy with strlcpy.

Signed-off-by: default avatarnks <nks@sixserv.org>
Change-Id: If65b83e9b658315c672e684f64e3ae00e69fac31
parent 835526fd

toolbox/syren.c

+6 −2
Original line number Diff line number Diff line
@@ -123,7 +123,11 @@ syren_main(int argc, char **argv) 


	r = find_reg(argv[2]);

	if (r == NULL) {

		strcpy(name, argv[2]);

		if(strlen(argv[2]) >= sizeof(name)){

			fprintf(stderr, "REGNAME too long\n");

			return 0;

		}

		strlcpy(name, argv[2], sizeof(name));

		char *addr_str = strchr(argv[2], ':');

		if (addr_str == NULL)

			return usage();
@@ -131,7 +135,7 @@ syren_main(int argc, char **argv) 
		sio.page = strtoul(argv[2], 0, 0);

		sio.addr = strtoul(addr_str, 0, 0);

	} else {

		strcpy(name, r->name);

		strlcpy(name, r->name, sizeof(name));

		sio.page = r->page;

		sio.addr = r->addr;

	}