diff options
author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2015-08-12 17:44:28 +0300 |
---|---|---|
committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2015-08-13 14:05:43 +0300 |
commit | fa7c60eb0c450a5b649810dc99bfbe1dd6f0ced5 (patch) | |
tree | 3dfab898dcf85dddfb8380b75729292a555cae7b | |
parent | 9db45f056b98e84730e2353018d60824c16d9cc4 (diff) | |
download | bluez-fa7c60eb0c450a5b649810dc99bfbe1dd6f0ced5.tar.gz |
tools/hciattach: Fix not checking the size given to strcat
strcat will attempt to append the 2 strings but it assumes the
destination is big enough to hold the result.
-rw-r--r-- | tools/hciattach.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tools/hciattach.c b/tools/hciattach.c index 4dc5be563..59a76a7a1 100644 --- a/tools/hciattach.c +++ b/tools/hciattach.c @@ -1358,6 +1358,12 @@ int main(int argc, char *argv[]) dev[0] = 0; if (!strchr(opt, '/')) strcpy(dev, "/dev/"); + + if (strlen(opt) > PATH_MAX - (strlen(dev) + 1)) { + fprintf(stderr, "Invalid serial device\n"); + exit(1); + } + strcat(dev, opt); break; |