From: Martin Pitt Date: Fri, 18 Mar 2011 12:56:32 +0000 (+0100) Subject: input_id: Avoid memory overflow with too long capability masks X-Git-Tag: 174~230 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88149f668ea7ac23c61f6d1982db4f4517da763c;p=systemd input_id: Avoid memory overflow with too long capability masks Joey Lee reported a problem on an MSI laptop which reports a too long capabilities/key: E: EV==3 E: KEY==180000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 This is longer than KEY_MAX and thus caused a memory overflow. Guard against this now and just ignore the excess blocks. --- diff --git a/extras/input_id/input_id.c b/extras/input_id/input_id.c index 20191599..b2d4a677 100644 --- a/extras/input_id/input_id.c +++ b/extras/input_id/input_id.c @@ -61,12 +61,18 @@ static void get_cap_mask (struct udev_device *dev, const char* attr, i = 0; while ((word = strrchr(text, ' ')) != NULL) { val = strtoul (word+1, NULL, 16); - bitmask[i] = val; + if (i < bitmask_size/sizeof(unsigned long)) + bitmask[i] = val; + else + DBG("Ignoring %s block %lX which is larger than maximum size\n", attr, val); *word = '\0'; ++i; } val = strtoul (text, NULL, 16); - bitmask[i] = val; + if (i < bitmask_size/sizeof(unsigned long)) + bitmask[i] = val; + else + DBG("Ignoring %s block %lX which is larger than maximum size\n", attr, val); if (debug) { /* printf pattern with the right unsigned long number of hex chars */