commit | 6f1ac59f0d19cfe5a47a4388d845974764d9c547 | [log] [tgz] |
---|---|---|
author | Andrew de los Reyes <adlr@google.com> | Fri Sep 04 15:44:57 2015 -0700 |
committer | Andrew Duggan <aduggan@synaptics.com> | Thu Sep 10 11:16:24 2015 -0700 |
tree | 5cf8346237b8736faed8c27841dff391db4b87f8 | |
parent | fd23c027cf8165d77a9ffa80f1ec83562d88b9e8 [diff] |
rmihidtool: length check on find_token Addresses security concern: find_token does not check size of result buffer when writing, just depends on caller to make sure input and output buffers are the same length. This can lead to a stack buffer overflow if run with malicious arguments (e.g. "-w AAAA...more.than.255...AAAA").