]> granicus.if.org Git - procps-ng/commitdiff
0038-proc/devname.c: Prevent off-by-one overflow in dev_to_tty().
authorQualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committerCraig Small <csmall@enc.com.au>
Sat, 9 Jun 2018 11:35:19 +0000 (21:35 +1000)
proc/devname.c

index 40318a96c8380de780510046bb3046fa2826446e..e01bb7b108d26e42d18ed783839a3954b3f7bf1c 100644 (file)
@@ -347,7 +347,7 @@ abbrev:
   if((flags&ABBREV_TTY) && !strncmp(tmp,"tty",  3) && tmp[3]) tmp += 3;
   if((flags&ABBREV_PTS) && !strncmp(tmp,"pts/", 4) && tmp[4]) tmp += 4;
   /* gotta check before we chop or we may chop someone else's memory */
-  if(chop + (unsigned long)(tmp-buf) <= sizeof buf)
+  if(chop + (unsigned long)(tmp-buf) < sizeof buf)
     tmp[chop] = '\0';
   /* replace non-ASCII characters with '?' and return the number of chars */
   for(;;){