diff options
| author |   stsp <stsp@openbsd.org> | 2017-11-07 21:20:05 +0000 |
|---|---|---|
| committer | stsp <stsp@openbsd.org> | 2017-11-07 21:20:05 +0000 |
| commit | 39ab79cf254785ae195582100d8e44ec50250c10 (patch) | |
| tree | f9e3f00c62e174941be9fbc2271504b4f98a28a1 | |
| parent | Fix spelling: bet -> net from Scott Bennett, thanks (diff) | |
| download | wireguard-openbsd-39ab79cf254785ae195582100d8e44ec50250c10.tar.xz wireguard-openbsd-39ab79cf254785ae195582100d8e44ec50250c10.zip | |
Prevent a potential stack buffer overrun when a urtwn(4) device
reports more than 3 bulk-out endpoints.
Problem found by Pierre Pronchery (khorben) during code inspection.
ok mpi@ kevlo@
| -rw-r--r-- | sys/dev/usb/if_urtwn.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/dev/usb/if_urtwn.c b/sys/dev/usb/if_urtwn.c index e6e9cbd670e..e841da1c284 100644 --- a/sys/dev/usb/if_urtwn.c +++ b/sys/dev/usb/if_urtwn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_urtwn.c,v 1.75 2017/08/23 09:25:17 kevlo Exp $ */ +/* $OpenBSD: if_urtwn.c,v 1.76 2017/11/07 21:20:05 stsp Exp $ */ /*- * Copyright (c) 2010 Damien Bergamini <damien.bergamini@free.fr> @@ -535,7 +535,8 @@ urtwn_open_pipes(struct urtwn_softc *sc) rx_no = ed->bEndpointAddress; nrx++; } else { - epaddr[sc->ntx] = ed->bEndpointAddress; + if (sc->ntx < R92C_MAX_EPOUT) + epaddr[sc->ntx] = ed->bEndpointAddress; sc->ntx++; } } |