Module Name: src
Committed By: martin
Date: Thu Sep 12 19:39:35 UTC 2024
Modified Files:
src/sys/dev/usb [netbsd-10]: ucycom.c
Log Message:
Pull up following revision(s) (requested by rin in ticket #841):
sys/dev/usb/ucycom.c: revision 1.57
Prevent errant ucycom-presenting device from causing up to 225
bytes of kernel memory following input buffer to leak to tty
application.
Probably not practically expolitable, but you never know.
To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.56.2.1 src/sys/dev/usb/ucycom.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/usb/ucycom.c
diff -u src/sys/dev/usb/ucycom.c:1.56 src/sys/dev/usb/ucycom.c:1.56.2.1
--- src/sys/dev/usb/ucycom.c:1.56 Wed Oct 26 23:50:28 2022
+++ src/sys/dev/usb/ucycom.c Thu Sep 12 19:39:35 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: ucycom.c,v 1.56 2022/10/26 23:50:28 riastradh Exp $ */
+/* $NetBSD: ucycom.c,v 1.56.2.1 2024/09/12 19:39:35 martin Exp $ */
/*
* Copyright (c) 2005 The NetBSD Foundation, Inc.
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ucycom.c,v 1.56 2022/10/26 23:50:28 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ucycom.c,v 1.56.2.1 2024/09/12 19:39:35 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_usb.h"
@@ -978,6 +978,7 @@ ucycom_intr(void *cookie, void *ibuf, u_
st = cp[0];
n = cp[1];
cp += 2;
+ n = uimin(n, 30);
break;
default:
