diff options
| author | Brahmaji K <bkomma@codeaurora.org> | 2017-04-24 13:02:15 +0530 |
|---|---|---|
| committer | Bruno Martins <bgcngm@gmail.com> | 2017-06-02 11:53:47 +0000 |
| commit | 98f70c5bf93fca8d5b31b9787f2f1f8258d145e4 (patch) | |
| tree | 7010957cf723ebf464a527bb015039367577fc5d | |
| parent | 85b5399df1b081000a0982e6e1234523ca9abf9e (diff) | |
| download | android_vendor_qcom_opensource_cryptfs_hw-replicant-6.0-0004-rc2.tar.gz android_vendor_qcom_opensource_cryptfs_hw-replicant-6.0-0004-rc2.tar.bz2 android_vendor_qcom_opensource_cryptfs_hw-replicant-6.0-0004-rc2.zip | |
cryptfs_hw: Fix stack out of bound issueHEADreplicant-6.0-0004-transitionreplicant-6.0-0004-rc6replicant-6.0-0004-rc5-transitionreplicant-6.0-0004-rc5replicant-6.0-0004-rc4replicant-6.0-0004-rc3replicant-6.0-0004-rc2replicant-6.0-0004-rc1replicant-6.0-0004replicant-6.0-0003replicant-6.0-0002cm-13.0
Add strnlen() instead of strlen() to fix the buffer overflow
while processing the password.
Change-Id: I5996bb62980741b7463c8829a43524e79abc4f19
| -rwxr-xr-x | cryptfs_hw.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cryptfs_hw.c b/cryptfs_hw.c index ff06c9f..214713c 100755 --- a/cryptfs_hw.c +++ b/cryptfs_hw.c @@ -106,7 +106,7 @@ static unsigned char* get_tmp_passwd(const char* passwd) tmp_passwd = (unsigned char*)malloc(MAX_PASSWORD_LEN); if(tmp_passwd) { memset(tmp_passwd, 0, MAX_PASSWORD_LEN); - passwd_len = (strlen(passwd) > MAX_PASSWORD_LEN) ? MAX_PASSWORD_LEN : strlen(passwd); + passwd_len = strnlen(passwd, MAX_PASSWORD_LEN); memcpy(tmp_passwd, passwd, passwd_len); } else { SLOGE("%s: Failed to allocate memory for tmp passwd \n", __func__); |