This is a very small patch for a buffer overwrite I encountered with the
RNDIS parser

[EMAIL PROTECTED]:/opt/tmp$ diff -c rndis.c rndis.c.orig
*** rndis.c     2006-02-21 05:31:58.000000000 -0600
--- rndis.c.orig        2006-02-21 05:05:20.000000000 -0600
***************
*** 856,867 ****

        /*
         * we need more memory:
!      * gen_ndis_query_resp expects enough space for
!      * rndis_query_cmplt_type followed by data.
!        * oid_supported_list is the largest data reply
         */
!       r = rndis_add_response (configNr,
!               sizeof (oid_supported_list) + sizeof(rndis_query_cmplt_type));
        if (!r)
                return -ENOMEM;
        resp = (rndis_query_cmplt_type *) r->buf;
--- 856,864 ----

        /*
         * we need more memory:
!        * oid_supported_list is the largest answer
         */
!       r = rndis_add_response (configNr, sizeof (oid_supported_list));
        if (!r)
                return -ENOMEM;
        resp = (rndis_query_cmplt_type *) r->buf;
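
Review bot: The diff direction is reversed. It was generated as "diff -c rndis.c rndis.c.orig", so the fixed allocation, sizeof (oid_supported_list) + sizeof(rndis_query_cmplt_type), sits on the "***" side and the original on the "---" side; applied as posted it would put back the undersized sizeof (oid_supported_list) buffer. Please regenerate with the original file first, preferably as a unified diff (diff -u rndis.c.orig rndis.c). On the fix itself, the new size is safe only while oid_supported_list really is the largest data reply, as the comment states; nothing in the visible lines enforces that, so a length check in gen_ndis_query_resp against the allocated size would make the assumption explicit rather than relying on the comment. The two added comment lines are also indented differently from the lines around them.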


_______________________________________________
linux-usb-devel@lists.sourceforge.net