author | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2021-03-12 18:38:57 +0100 |
---|---|---|
committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2021-03-17 18:20:52 +0100 |
commit | 8d8d867d2ff54bd8c46b902605c991ba720f6cd7 (patch) | |
tree | 58c4715adb733455ea5287a59f601a73f530968f /tools | |
parent | b16701b69addf5cef5ff3bd1279141dfc2ac560d (diff) | |
download | hardware_replicant_libsamsung-ipc-8d8d867d2ff54bd8c46b902605c991ba720f6cd7.tar.gz hardware_replicant_libsamsung-ipc-8d8d867d2ff54bd8c46b902605c991ba720f6cd7.tar.bz2 hardware_replicant_libsamsung-ipc-8d8d867d2ff54bd8c46b902605c991ba720f6cd7.zip |
tools: ipc-modem: fix potential out of bounds sim_pin memcpy
If for instance "1234" is given as pin, the size of optarg
should be 5 but memcpy would copy 8.
In addition, the current code also makes sure that there is a
terminating null byte ('\0') inside the sim_pin array.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/ipc-modem.c | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/tools/ipc-modem.c b/tools/ipc-modem.c
index c85c812..2b19f57 100644
--- a/tools/ipc-modem.c
+++ b/tools/ipc-modem.c
@@ -18,6 +18,7 @@
 * along with libsamsung-ipc. If not, see <http://www.gnu.org/licenses/>.
 */
+#include <assert.h>
 #include <fcntl.h>
 #include <getopt.h>
 #include <pthread.h>
@@ -511,17 +512,17 @@ int main(int argc, char *argv[])
 } else if (strcmp(opt_l[opt_i].name, "debug") == 0) {
 debug = 1;
 printf("[I] Debug enabled\n");
- } else if (strcmp(opt_l[opt_i].name, "pin") == 0) {
- if (optarg) {
- if (strlen(optarg) < 8) {
- printf("[I] Got SIM PIN!\n");
- memcpy(sim_pin, optarg, 8);
- } else {
- printf("[E] "
- "SIM PIN is too long!"
- "\n");
- return 1;
- }
+ } else if ((strcmp(opt_l[opt_i].name, "pin") == 0) &&
+ (optarg)) {
+ if (strlen(optarg) < 8) {
+ assert(strlen(optarg) <
+ sizeof(sim_pin));
+
+ printf("[I] Got SIM PIN!\n");
+ strcpy(sim_pin, optarg);
+ } else {
+ printf("[E] SIM PIN is too long!\n");
+ return 1;
 }
 }
 break; |
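Review bot: In the `pin` branch the length check that actually runs is still the literal `8`, and the only tie to the destination buffer is `assert(strlen(optarg) < sizeof(sim_pin))`, which is compiled out when the tool is built with `NDEBUG`. If `sim_pin` (declared outside this hunk) is ever made smaller than 8 bytes, the unbounded `strcpy(sim_pin, optarg)` would then write past it in such a build. Assuming `sim_pin` is an array, as the `sizeof` in the assert suggests, the guard itself should use the buffer size: `if (strlen(optarg) < sizeof(sim_pin)) {`. With that, the assert and the new `#include <assert.h>` in the first hunk are no longer needed. The body of `main()` and the enclosing option switch start and end outside the hunk.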