libwd/0146-uadk-fix-BufferOverFlow.patch

From 8b19ff4c4b243ca2b0adf9c19bc20c3b83c9c4b1 Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Sat, 23 Jul 2022 16:50:28 +0800
Subject: [PATCH 161/183] uadk: fix BufferOverFlow

Fix that read or write outside of array bounds
of buf if string not ended with 0.

Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
 wd_mempool.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/wd_mempool.c b/wd_mempool.c
index d9259de..6143a69 100644
--- a/wd_mempool.c
+++ b/wd_mempool.c
@@ -624,7 +624,7 @@ static int get_value_from_sysfs(const char *path, ssize_t path_size)
 	char buf[MAX_ATTR_STR_SIZE];
 	char *ptrRet = NULL;
 	ssize_t size;
-	int fd;
+	int fd, ret;
 
 	ptrRet = realpath(path, dev_path);
 	if (!ptrRet) {
@@ -645,7 +645,14 @@ static int get_value_from_sysfs(const char *path, ssize_t path_size)
 	}
 
 	close(fd);
-	return (int)strtol(buf, NULL, 10);
+
+	ret = strtol(buf, NULL, 10);
+	if (errno == ERANGE) {
+		WD_ERR("failed to strtol %s, out of range!\n", buf);
+		goto err_read;
+	}
+
+	return ret;
 
 err_read:
 	close(fd);
-- 
2.27.0
libwd: backport for uadk from 2.3.31 to 2.3.36 Update some patch for uadk from mainline. To get more information, please visit the homepage: https://github.comp/Linaro/uadk Signed-off-by: Yang Shen <shenyang39@huawei.com> 2022-07-26 09:56:35 +08:00			`From 8b19ff4c4b243ca2b0adf9c19bc20c3b83c9c4b1 Mon Sep 17 00:00:00 2001`
			`From: Wenkai Lin <linwenkai6@hisilicon.com>`
			`Date: Sat, 23 Jul 2022 16:50:28 +0800`
			`Subject: [PATCH 161/183] uadk: fix BufferOverFlow`

			`Fix that read or write outside of array bounds`
			`of buf if string not ended with 0.`

			`Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>`
			`---`
			`wd_mempool.c \| 11 +++++++++--`
			`1 file changed, 9 insertions(+), 2 deletions(-)`

			`diff --git a/wd_mempool.c b/wd_mempool.c`
			`index d9259de..6143a69 100644`
			`--- a/wd_mempool.c`
			`+++ b/wd_mempool.c`
			`@@ -624,7 +624,7 @@ static int get_value_from_sysfs(const char *path, ssize_t path_size)`
			`char buf[MAX_ATTR_STR_SIZE];`
			`char *ptrRet = NULL;`
			`ssize_t size;`
			`- int fd;`
			`+ int fd, ret;`

			`ptrRet = realpath(path, dev_path);`
			`if (!ptrRet) {`
			`@@ -645,7 +645,14 @@ static int get_value_from_sysfs(const char *path, ssize_t path_size)`
			`}`

			`close(fd);`
			`- return (int)strtol(buf, NULL, 10);`
			`+`
			`+ ret = strtol(buf, NULL, 10);`
			`+ if (errno == ERANGE) {`
			`+ WD_ERR("failed to strtol %s, out of range!\n", buf);`
			`+ goto err_read;`
			`+ }`
			`+`
			`+ return ret;`

			`err_read:`
			`close(fd);`
			`--`
			`2.27.0`