author | Abhay Agarwal <ay.agarwal@samsung.com> | 2020-02-04 10:55:18 +0530 |
---|---|---|
committer | DoHyun Pyun <dh79.pyun@samsung.com> | 2020-02-10 12:39:26 +0900 |
commit | 959711c2c75ac5b2ce8afdc781218c1b6203e2e5 (patch) | |
tree | b9faf452f1ea437ab85540feb49de7bf10358293 | |
parent | 6f0d327bbac7c04cdaf93d5a607e667c8a67f5c8 (diff) | |
ua-test: Check bounds for tainted integer device uid length
submit/tizen/20200218.012819 submit/tizen/20200210.035428 accepted/tizen/unified/20200218.145842 accepted/tizen/unified/20200210.131733
Integer value 'device_uid_len' is being obtained from untrusted source.
Bounds of device uid length need to be checked before using it as a loop
bound.
Change-Id: Idcb1f9b67d099d9f3443166ae559c81c563632ad
Signed-off-by: Abhay Agarwal <ay.agarwal@samsung.com>
-rw-r--r-- | test/uat-payload.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/test/uat-payload.c b/test/uat-payload.c index eaa927c..2548e9a 100644 --- a/test/uat-payload.c +++ b/test/uat-payload.c @@ -147,6 +147,7 @@ static int _scan_payload_device_uid_str( if (strlen(g_payload_device_uid_len)) len = (unsigned char)strtol(g_payload_device_uid_len, NULL, 10); + len = len < UA_BLE_PAYLOAD_DEVICE_UID_MAX_LEN ? len : UA_BLE_PAYLOAD_DEVICE_UID_MAX_LEN; device_uid_len = len > 0 ? len : 0; for (int i = 0; i < device_uid_len; i++) { |
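Review bot: The clamp on the added line runs after the `(unsigned char)` cast of the `strtol` result on the line above it, so an out-of-range input has already been truncated by the time it is compared with `UA_BLE_PAYLOAD_DEVICE_UID_MAX_LEN`. With an 8-bit `unsigned char`, a string such as "260" becomes 4 and is accepted as a valid length, and a negative value wraps to a positive one, so the loop bound is limited but the length actually used can differ from what was entered without any indication. Consider parsing into a `long`, checking the end pointer and `errno` from `strtol`, and rejecting values outside 0..`UA_BLE_PAYLOAD_DEVICE_UID_MAX_LEN` with an error rather than clamping silently. The clamp also permits `len == UA_BLE_PAYLOAD_DEVICE_UID_MAX_LEN`, so it is worth confirming that the buffer indexed in the `for` loop holds at least that many elements; its declaration is not visible in this hunk.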