openkylin
/
platform_kernel-5.15
mirror of https://gitee.com/openkylin/platform_kernel-5.15.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

[PATCH] Overrun in isdn_tty.c 

This fixes coverity bug id #1237.  After the while loop, it is possible for
i == ISDN_LMSNLEN.  If this happens the terminating '\0' is written after
the end of the array.

Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Eric Sesterhenn 2006-05-20 15:00:12 -07:00 committed by Linus Torvalds
parent 92d1dbd274
commit a6a61c5494
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/isdn/i4l/isdn_tty.c
View File

@ -2880,7 +2880,7 @@ isdn_tty_cmd_ATand(char **p, modem_info * info)
p[0]++; p[0]++;
i = 0; i = 0;
while (*p[0] && (strchr("0123456789,-*[]?;", *p[0])) && while (*p[0] && (strchr("0123456789,-*[]?;", *p[0])) &&
(i < ISDN_LMSNLEN)) (i < ISDN_LMSNLEN - 1))
m->lmsn[i++] = *p[0]++; m->lmsn[i++] = *p[0]++;
m->lmsn[i] = '\0'; m->lmsn[i] = '\0';
break; break;