* [PATCHv2 obexd 1/2] Remove unnecessary return in add_slash func
@ 2011-07-27 7:39 Radoslaw Jablonski
2011-07-27 7:39 ` [PATCHv2 obexd 2/2] Fix writing out of bounds " Radoslaw Jablonski
2011-07-27 7:59 ` [PATCHv2 obexd 1/2] Remove unnecessary return " Johan Hedberg
0 siblings, 2 replies; 3+ messages in thread
From: Radoslaw Jablonski @ 2011-07-27 7:39 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Radoslaw Jablonski
---
plugins/vcard.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/plugins/vcard.c b/plugins/vcard.c
index b997fc4..2c13266 100644
--- a/plugins/vcard.c
+++ b/plugins/vcard.c
@@ -121,7 +121,6 @@ static void add_slash(char *dest, const char *src, int len_max, int len)
}
}
dest[j] = 0;
- return;
}
static void get_escaped_fields(char **fields, ...)
--
1.7.0.4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCHv2 obexd 2/2] Fix writing out of bounds in add_slash func
2011-07-27 7:39 [PATCHv2 obexd 1/2] Remove unnecessary return in add_slash func Radoslaw Jablonski
@ 2011-07-27 7:39 ` Radoslaw Jablonski
2011-07-27 7:59 ` [PATCHv2 obexd 1/2] Remove unnecessary return " Johan Hedberg
1 sibling, 0 replies; 3+ messages in thread
From: Radoslaw Jablonski @ 2011-07-27 7:39 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Radoslaw Jablonski
For long input string there was possibility to write out
of "dest" buffer. It usually ended with obexd crash little
later in some random place.
---
plugins/vcard.c | 18 +++++++++++++++++-
1 files changed, 17 insertions(+), 1 deletions(-)
diff --git a/plugins/vcard.c b/plugins/vcard.c
index 2c13266..30841b7 100644
--- a/plugins/vcard.c
+++ b/plugins/vcard.c
@@ -101,25 +101,41 @@ static void add_slash(char *dest, const char *src, int len_max, int len)
{
int i, j;
- for (i = 0, j = 0; i < len && j < len_max; i++, j++) {
+ for (i = 0, j = 0; i < len && j + 1 < len_max; i++, j++) {
+ /* filling dest buffer - last field need to be reserved
+ * for '\0'*/
switch (src[i]) {
case '\n':
+ if (j + 2 >= len_max)
+ /* not enough space in the buffer to put char
+ * preceded with escaping sequence (and '\0' in
+ * the end) */
+ goto done;
+
dest[j++] = '\\';
dest[j] = 'n';
break;
case '\r':
+ if (j + 2 >= len_max)
+ goto done;
+
dest[j++] = '\\';
dest[j] = 'r';
break;
case '\\':
case ';':
case ',':
+ if (j + 2 >= len_max)
+ goto done;
+
dest[j++] = '\\';
default:
dest[j] = src[i];
break;
}
}
+
+done:
dest[j] = 0;
}
--
1.7.0.4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCHv2 obexd 1/2] Remove unnecessary return in add_slash func
2011-07-27 7:39 [PATCHv2 obexd 1/2] Remove unnecessary return in add_slash func Radoslaw Jablonski
2011-07-27 7:39 ` [PATCHv2 obexd 2/2] Fix writing out of bounds " Radoslaw Jablonski
@ 2011-07-27 7:59 ` Johan Hedberg
1 sibling, 0 replies; 3+ messages in thread
From: Johan Hedberg @ 2011-07-27 7:59 UTC (permalink / raw)
To: Radoslaw Jablonski; +Cc: linux-bluetooth
Hi Radek,
On Wed, Jul 27, 2011, Radoslaw Jablonski wrote:
> ---
> plugins/vcard.c | 1 -
> 1 files changed, 0 insertions(+), 1 deletions(-)
Thanks. Both patches have now been applied.
Johan
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-07-27 7:59 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-07-27 7:39 [PATCHv2 obexd 1/2] Remove unnecessary return in add_slash func Radoslaw Jablonski
2011-07-27 7:39 ` [PATCHv2 obexd 2/2] Fix writing out of bounds " Radoslaw Jablonski
2011-07-27 7:59 ` [PATCHv2 obexd 1/2] Remove unnecessary return " Johan Hedberg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).