From 2a7af30793f9aa6e36acdc7c8b908d0965585437 Mon Sep 17 00:00:00 2001 From: Jason Gerecke Date: Thu, 10 Oct 2019 12:13:39 -0700 Subject: [PATCH] tools: Fix potential buffer overflow when reading from serial tablet The read_data() function has a "min_len" number of bytes to read to ensure that a complete data structure is read, regardless of garbage that may be on the line. When garbage is present, however, it can potentially overflow the buffer. The function already has code to memmove the good data over garbage and perform re-reads until "min_len" bytes of good data are available. All we need to do to avoid the buffer overflow is ensure that the maximum number of bytes we read() in one call is no more than the number of bytes free at the end of the buffer. Ref: https://github.com/linuxwacom/xf86-input-wacom/issues/86 Fixes: 3546d8ab1b ("tools: add isdv4-serial-debugger test program") Signed-off-by: Jason Gerecke --- tools/tools-shared.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/tools-shared.c b/tools/tools-shared.c index c55e8ca1..c10d8e86 100644 --- a/tools/tools-shared.c +++ b/tools/tools-shared.c @@ -219,7 +219,7 @@ int read_data(int fd, unsigned char* buffer, int min_len) TRACE("Reading %d bytes from device.\n", min_len); redo: do { - int l = read(fd, &buffer[len], min_len); + int l = read(fd, &buffer[len], min_len - len); if (l == -1) { if (errno != EAGAIN) { -- 2.23.0