sysmocom
/
ofono
mirror of git://git.sysmocom.de/ofono
11
0
Fork 0
Code Issues Releases Activity

handsfree: Fix potential buffer overflow 

Function: ag_features_list
 static const char *list[10];  (Out of bounds write, line 75)
  Incrementing i the value is now 10, for “hf-indicators”

Reported by: blanca.e.sabas.rosales@intel.com
This commit is contained in:
Denis Kenzior 2015-06-30 16:58:36 -05:00
parent 48da783732
commit fceb5a41c2
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/handsfree.c
View File

@ -72,7 +72,11 @@ struct ofono_handsfree {
static const char **ag_features_list(unsigned int features,
unsigned int chld_features)
{
static const char *list[10];
/*
* BRSF response is a 32-bit unsigned int. Only 32 entries are posible,
* and we do not ever report the presence of bit 8.
*/
static const char *list[32];
unsigned int i = 0;
if (features & HFP_AG_FEATURE_3WAY)