From 3bce026d6757e80ad1061f4679f8664fbc3c836f Mon Sep 17 00:00:00 2001 From: Huang-Huang Bao Date: Sun, 21 Mar 2021 19:58:02 +0800 Subject: [PATCH] protocol-native: fix out-of-bounds access to SEC_LABEL hex table If buffer type char[] is 4-byte aligned, higher 3-byte on char could be non-zero if data is not initialized, which make 'buffer[i] >> 4' larger than 0x0f. Use type uint8_t[] on SEC_LABEL buffer to fix it. --- src/modules/module-protocol-native.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/module-protocol-native.c b/src/modules/module-protocol-native.c index c92409c79..bd161a06c 100644 --- a/src/modules/module-protocol-native.c +++ b/src/modules/module-protocol-native.c @@ -391,7 +391,7 @@ static const struct pw_protocol_native_connection_events server_conn_events = { .need_flush = on_server_need_flush, }; -static bool check_print(const char *buffer, int len) +static bool check_print(const uint8_t *buffer, int len) { int i; while (len > 1 && buffer[len-1] == 0) @@ -414,7 +414,7 @@ static struct client_data *client_new(struct server *s, int fd) #endif struct pw_context *context = protocol->context; struct pw_properties *props; - char buffer[1024]; + uint8_t buffer[1024]; struct protocol_data *d = pw_protocol_get_user_data(protocol); int i, res;