Blame SOURCES/0001-tools-Fix-potential-buffer-overflow-when-reading-fro.patch

c6df2a
From 2a7af30793f9aa6e36acdc7c8b908d0965585437 Mon Sep 17 00:00:00 2001
c6df2a
From: Jason Gerecke <killertofu@gmail.com>
c6df2a
Date: Thu, 10 Oct 2019 12:13:39 -0700
c6df2a
Subject: [PATCH] tools: Fix potential buffer overflow when reading from serial
c6df2a
 tablet
c6df2a
c6df2a
The read_data() function has a "min_len" number of bytes to read
c6df2a
to ensure that a complete data structure is read, regardless of garbage
c6df2a
that may be on the line. When garbage is present, however, it can
c6df2a
potentially overflow the buffer.
c6df2a
c6df2a
The function already has code to memmove the good data over garbage and
c6df2a
perform re-reads until "min_len" bytes of good data are available. All
c6df2a
we need to do to avoid the buffer overflow is ensure that the maximum
c6df2a
number of bytes we read() in one call is no more than the number of
c6df2a
bytes free at the end of the buffer.
c6df2a
c6df2a
Ref: https://github.com/linuxwacom/xf86-input-wacom/issues/86
c6df2a
Fixes: 3546d8ab1b ("tools: add isdv4-serial-debugger test program")
c6df2a
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
c6df2a
---
c6df2a
 tools/tools-shared.c | 2 +-
c6df2a
 1 file changed, 1 insertion(+), 1 deletion(-)
c6df2a
c6df2a
diff --git a/tools/tools-shared.c b/tools/tools-shared.c
c6df2a
index c55e8ca1..c10d8e86 100644
c6df2a
--- a/tools/tools-shared.c
c6df2a
+++ b/tools/tools-shared.c
c6df2a
@@ -219,7 +219,7 @@ int read_data(int fd, unsigned char* buffer, int min_len)
c6df2a
 	TRACE("Reading %d bytes from device.\n", min_len);
c6df2a
 redo:
c6df2a
 	do {
c6df2a
-		int l = read(fd, &buffer[len], min_len);
c6df2a
+		int l = read(fd, &buffer[len], min_len - len);
c6df2a
 
c6df2a
 		if (l == -1) {
c6df2a
 			if (errno != EAGAIN) {
c6df2a
-- 
c6df2a
2.23.0
c6df2a