提交 a6a61c54 编写于 作者: E Eric Sesterhenn 提交者: Linus Torvalds

[PATCH] Overrun in isdn_tty.c

This fixes coverity bug id #1237.  After the while loop, it is possible for
i == ISDN_LMSNLEN.  If this happens the terminating '\0' is written after
the end of the array.
Signed-off-by: NEric Sesterhenn <snakebyte@gmx.de>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
上级 92d1dbd2
......@@ -2880,7 +2880,7 @@ isdn_tty_cmd_ATand(char **p, modem_info * info)
p[0]++;
i = 0;
while (*p[0] && (strchr("0123456789,-*[]?;", *p[0])) &&
(i < ISDN_LMSNLEN))
(i < ISDN_LMSNLEN - 1))
m->lmsn[i++] = *p[0]++;
m->lmsn[i] = '\0';
break;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册