Narcissus/nwipe
2
0
Fork 0
mirror of https://github.com/martijnvanbrummelen/nwipe.git synced 2026-02-20 13:42:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixes a buffer overflow

Browse Source 
Fixes a buffer overflow in the last commit. That
commit added additional model names to the endian model
swap code but did not calloc suffient storage for the
termination character.
This commit is contained in:
PartialVolume
2025-01-01 22:54:13 +00:00
parent a9e3dd2a77
commit a41d03125c
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/miscellaneous.c
View File

@@ -635,11 +635,11 @@ void fix_endian_model_names( char* model )
length = strlen( model ) + 1;
nwipe_log( NWIPE_LOG_INFO, " length = %i", length );
tmp_string = calloc( length, 1 );
model_lower_case = calloc( length, 1 );
tmp_string = calloc( length + 1, 1 );
model_lower_case = calloc( length + 1, 1 );
strncpy( model_lower_case, model, length + 1 );
model_lower_case[length + 1] = 0; /* makesure it's terminated */
strncpy( model_lower_case, model, length );
model_lower_case[length] = 0; /* makesure it's terminated */
strlower( model_lower_case ); /* convert to lower case for comparison */
/* "ASSMNU G" = "SAMSUNG ", tested against model Samsung HM160HC so that
@@ -713,8 +713,9 @@ void fix_endian_model_names( char* model )
idx2 += 2;
}
tmp_string[idx2 + 1] = 0;
strcpy( model, tmp_string );
tmp_string[length] = 0; /* terminate */
strncpy( model, tmp_string, length );
model[length] = 0; /* terminate */
}
free( tmp_string );
free( model_lower_case );