diff options
author | Marek BehĂșn <marek.behun@nic.cz> | 2021-09-24 23:06:39 +0200 |
---|---|---|
committer | Stefan Roese <sr@denx.de> | 2021-10-01 11:07:13 +0200 |
commit | f30cb0d3b9fd2d7c51339404ddaeae53ba9b90f9 (patch) | |
tree | b382d08855827a61eb5eb53b670f9d4357801c17 | |
parent | 3b5da64edfdc013b105573a20871659d37ab53de (diff) | |
download | u-boot-f30cb0d3b9fd2d7c51339404ddaeae53ba9b90f9.zip u-boot-f30cb0d3b9fd2d7c51339404ddaeae53ba9b90f9.tar.gz u-boot-f30cb0d3b9fd2d7c51339404ddaeae53ba9b90f9.tar.bz2 |
tools: kwboot: Fix buffer overflow in kwboot_terminal()
The `in` variable is set to -1 in kwboot_terminal() if stdin is not a
tty. In this case we should not look whether -1 is set in fd_set, for it
can lead to a buffer overflow, which can be reproduced with
echo "xyz" | ./tools/kwboot -t /dev/ttyUSB0
Signed-off-by: Marek BehĂșn <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
-rw-r--r-- | tools/kwboot.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/kwboot.c b/tools/kwboot.c index 7feeaa4..e6e9984 100644 --- a/tools/kwboot.c +++ b/tools/kwboot.c @@ -552,7 +552,7 @@ kwboot_terminal(int tty) break; } - if (FD_ISSET(in, &rfds)) { + if (in >= 0 && FD_ISSET(in, &rfds)) { rc = kwboot_term_pipe(in, tty, quit, &s); if (rc) break; |