Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / rmi4utils / 6f1ac59f0d19cfe5a47a4388d845974764d9c547
commit6f1ac59f0d19cfe5a47a4388d845974764d9c547[log] [tgz]
authorAndrew de los Reyes <adlr@google.com>Fri Sep 04 15:44:57 2015 -0700
committerAndrew Duggan <aduggan@synaptics.com>Thu Sep 10 11:16:24 2015 -0700
tree5cf8346237b8736faed8c27841dff391db4b87f8
parentfd23c027cf8165d77a9ffa80f1ec83562d88b9e8 [diff]
rmihidtool: length check on find_token

Addresses security concern:

find_token does not check size of result buffer when writing, just
depends on caller to make sure input and output buffers are the same
length. This can lead to a stack buffer overflow if run with malicious
arguments (e.g. "-w AAAA...more.than.255...AAAA").
1 file changed
tree: 5cf8346237b8736faed8c27841dff391db4b87f8
  1. f54test/
  2. rmi4update/
  3. rmidevice/
  4. rmihidtool/
  5. Android.mk
  6. Application.mk
  7. LICENSE
  8. Makefile
  9. README