From: Daniele Forsi
Subject: [SCM] libgnokii and core programs branch, master, updated. rel_0_6_29-398-g0caf17d
Date: Wed, 04 Apr 2012 13:44:02 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libgnokii and core programs".
The branch, master has been updated
via 0caf17dd21b7399b670fae37cca364f39207ee56 (commit)
from 7daa85a38101cc7f118e0b287403fc8b36fdac75 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/gnokii.git/commit/?id=0caf17dd21b7399b670fae37cca364f39207ee56
commit 0caf17dd21b7399b670fae37cca364f39207ee56
Author: Daniele Forsi <address@hidden>
Date: Wed Apr 4 15:35:49 2012 +0200
Fix buffer read overflow
Uncovered by previous off-by-one fixes. Since str is post-incremented
in the while loop, the following if statement will access memory after
the end of the buffer if the exit condition was *str == 0 or max == 0.
Fixes:
1 errors in context 1 of 2:
Conditional jump or move depends on uninitialised value(s)
at 0x809A967: findcrlf (atgen.c:3460)
by 0x809AAB9: splitlines (atgen.c:3426)
by 0x809C4F3: ReplyGetCharset (atgen.c:2549)
by 0x8062B53: sm_incoming_function (gsm-statemachine.c:115)
by 0x80B97AB: atbus_loop (atbus.c:222)
by 0x8062300: gn_sm_loop (gsm-statemachine.c:68)
by 0x80627B9: __sm_block_timeout (gsm-statemachine.c:236)
by 0x809B35B: AT_GetCharset (atgen.c:846)
by 0x80A1794: Initialise (atgen.c:665)
by 0x806154C: register_driver (gsm-api.c:92)
by 0x8061762: gn_gsm_initialise (gsm-api.c:142)
by 0x8061136: gn_lib_phone_open (libfunctions.c:175)
Uninitialised value was created by a heap allocation
at 0x4025BD3: malloc (vg_replace_malloc.c:236)
by 0x4025C5D: realloc (vg_replace_malloc.c:525)
by 0x80B971B: atbus_loop (atbus.c:144)
by 0x8062300: gn_sm_loop (gsm-statemachine.c:68)
by 0x80627B9: __sm_block_timeout (gsm-statemachine.c:236)
by 0x809B35B: AT_GetCharset (atgen.c:846)
by 0x80A1794: Initialise (atgen.c:665)
by 0x806154C: register_driver (gsm-api.c:92)
by 0x8061762: gn_gsm_initialise (gsm-api.c:142)
by 0x8061136: gn_lib_phone_open (libfunctions.c:175)
by 0x804D0C1: parse_options (gnokii.c:394)
by 0x804D18E: main (gnokii.c:1234)
diff --git a/common/phones/atgen.c b/common/phones/atgen.c
index 2bc9802..0d8e7c6 100644
--- a/common/phones/atgen.c
+++ b/common/phones/atgen.c
@@ -3444,21 +3444,21 @@ char *skipcrlf(unsigned char *str)
/*
* searches for <cr> or <lf> and returns the first
- * occurrence. if test is set, the gsm char @ which
+ * occurrence. If is_gsm is set, the gsm char @ which
* is 0x00 is not considered as end of string.
* return NULL if no <cr> or <lf> was found in the
* range of max bytes.
*/
-char *findcrlf(unsigned char *str, int test, int max)
+char *findcrlf(unsigned char *str, int is_gsm, int max)
{
if (str == NULL)
return str;
- while ((max > 0) && (*str != '\n') && (*str != '\r') && ((*str != '\0')
|| test)) {
+ while (max > 0) {
+ if ((*str == '\r') || (*str == '\n') || ((*str == '\0') &&
!is_gsm))
+ return str;
str++;
max--;
}
- if ((*str == '\0') || ((max == 0) && (*str != '\n') && (*str != '\r')))
- return NULL;
- return str;
+ return NULL;
}
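Review bot: In the new loop of findcrlf(), the `((*str == '\0') && !is_gsm)` branch returns str, so a NUL terminator reached before any <cr> or <lf> now yields a non-NULL pointer to the terminator. The removed tail returned NULL whenever `*str == '\0'`, and the comment above the function still says NULL is returned if no <cr> or <lf> was found. If callers such as splitlines() depend on that contract, handle the NUL case separately with `if ((*str == '\0') && !is_gsm) return NULL;` before the `\r`/`\n` test; otherwise update the comment to document the new return value. Separately, `return str;` passes an `unsigned char *` out of a function declared to return `char *`; an explicit cast would make the conversion intentional.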
-----------------------------------------------------------------------
Summary of changes:
common/phones/atgen.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
hooks/post-receive
--
libgnokii and core programs