git projects / ziggy471-frankenstein-kernel.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree | latest snapshot
plain | history

Initial INC MR3 commit with EVO/BRAVO included and majority of the compile warnings ...
/net/irda/iriap.c
blob:294e34d3517cb87cc191c1cfec9d7b39de30245d -> blob:35a338b6d897c7ee1c71f00ddf8d0fb67116bedd
--- net/irda/iriap.c
+++ net/irda/iriap.c
@@ -501,7 +501,8 @@ static void iriap_getvaluebyclass_confir
IRDA_DEBUG(4, "%s(), strlen=%d\n", __func__, value_len);
/* Make sure the string is null-terminated */
- fp[n+value_len] = 0x00;
+ if (n + value_len < skb->len)
+ fp[n + value_len] = 0x00;
IRDA_DEBUG(4, "Got string %s\n", fp+n);
/* Will truncate to IAS_MAX_STRING bytes */
@@ -654,10 +655,16 @@ static void iriap_getvaluebyclass_indica
n = 1;
name_len = fp[n++];
+
+ IRDA_ASSERT(name_len < IAS_MAX_CLASSNAME + 1, return;);
+
memcpy(name, fp+n, name_len); n+=name_len;
name[name_len] = '\0';
attr_len = fp[n++];
+
+ IRDA_ASSERT(attr_len < IAS_MAX_ATTRIBNAME + 1, return;);
+
memcpy(attr, fp+n, attr_len); n+=attr_len;
attr[attr_len] = '\0';
Frankenstine (BRAVO/EVO/INC) kernel source