Date: Tue, 16 Jan 2007 11:33:14 +0300 From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: freebsd-usb@freebsd.org Subject: Re: usb/106435: possible buffer overflow in ums(4) debug code Message-ID: <20070116083313.GB1035@codelabs.ru> In-Reply-To: <20070108113222.GK37482@codelabs.ru> References: <20070108113222.GK37482@codelabs.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Gentlemen! May I bother you with usb/106435 again. This PR fixes the issue with ums packet length in the debug code: it was wrongly assumed that packet will be 6 bytes long at each time. But since memory for the buffer is allocated with the reported length and not with the constant '6', then there is a potential buffer overflow. The fix is simple and will not harm anything. Thanks! -- Eygene
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070116083313.GB1035>