diff options
author | imp <imp@FreeBSD.org> | 1999-12-07 19:23:56 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1999-12-07 19:23:56 +0000 |
commit | 0e463632a3ead6327de2d89a1bd77d328dea7150 (patch) | |
tree | f921c98bc2bdaac023b6a828b1e19993a3409c4c /usr.sbin/pccard | |
parent | edabac1a9d64258b28ef81e140886c4a726a71c1 (diff) | |
download | FreeBSD-src-0e463632a3ead6327de2d89a1bd77d328dea7150.zip FreeBSD-src-0e463632a3ead6327de2d89a1bd77d328dea7150.tar.gz |
Bump CIS_MAXSTR from 30 to 254. pccard appears to define the entire
section we take them from to be up to 255 bytes long, so that's the
max size for the string. They can't all be this big, but I don't have
a better number and better to be a little long than a little short.
Also only consume len characters of the cis buffer so we don't run off
the end into the next buffer and get garbage. This second patch
shouldn't impact anything, but I'll hold off back porting this to
-stable until I get more reports on the stability before/after this
fix.
Diffstat (limited to 'usr.sbin/pccard')
-rw-r--r-- | usr.sbin/pccard/pccardd/readcis.c | 19 | ||||
-rw-r--r-- | usr.sbin/pccard/pccardd/readcis.h | 2 |
2 files changed, 17 insertions, 4 deletions
diff --git a/usr.sbin/pccard/pccardd/readcis.c b/usr.sbin/pccard/pccardd/readcis.c index 6fd7c7b..ddfd6fc 100644 --- a/usr.sbin/pccard/pccardd/readcis.c +++ b/usr.sbin/pccard/pccardd/readcis.c @@ -170,16 +170,29 @@ freecis(struct cis *cp) static void cis_info(struct cis *cp, unsigned char *p, int len) { + unsigned char *end = p + len; *cp->manuf = *cp->vers = *cp->add_info1 = *cp->add_info2 = '\0'; cp->maj_v = *p++; cp->min_v = *p++; + if (p >= end) + return; strncpy(cp->manuf, p, CIS_MAXSTR - 1); - while (*p++); + cp->manuf[CIS_MAXSTR - 1] = '\0'; + p += strlen(p); + if (p >= end) + return; strncpy(cp->vers, p, CIS_MAXSTR - 1); - while (*p++); + cp->vers[CIS_MAXSTR - 1] = '\0'; + p += strlen(p); + if (p >= end) + return; strncpy(cp->add_info1, p, CIS_MAXSTR - 1); - while (*p++); + cp->add_info1[CIS_MAXSTR - 1] = '\0'; + p += strlen(p); + if (p >= end) + return; strncpy(cp->add_info2, p, CIS_MAXSTR - 1); + cp->add_info2[CIS_MAXSTR - 1] = '\0'; } /* diff --git a/usr.sbin/pccard/pccardd/readcis.h b/usr.sbin/pccard/pccardd/readcis.h index 0540036..58d83ef 100644 --- a/usr.sbin/pccard/pccardd/readcis.h +++ b/usr.sbin/pccard/pccardd/readcis.h @@ -26,7 +26,7 @@ * $FreeBSD$ */ -#define CIS_MAXSTR 30 +#define CIS_MAXSTR 254 struct tuple { struct tuple *next; unsigned char code; |