summaryrefslogtreecommitdiff
path: root/Fix-length-checks-in-parallel-driver.patch
diff options
context:
space:
mode:
Diffstat (limited to 'Fix-length-checks-in-parallel-driver.patch')
-rw-r--r--Fix-length-checks-in-parallel-driver.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/Fix-length-checks-in-parallel-driver.patch b/Fix-length-checks-in-parallel-driver.patch
new file mode 100644
index 0000000..cd3c022
--- /dev/null
+++ b/Fix-length-checks-in-parallel-driver.patch
@@ -0,0 +1,37 @@
+From 64544c7f4ed72b3023955ebe6ad3b118ebb8d6c7 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 6 Oct 2022 09:12:40 +0200
+Subject: [PATCH] Fix length checks in parallel driver
+
+The length requested was not checked against the length read from
+the port.
+
+(cherry picked from commit 094cc5a4596c299595b732effd59ee149181fd61)
+---
+ channels/parallel/client/parallel_main.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/channels/parallel/client/parallel_main.c b/channels/parallel/client/parallel_main.c
+index af3e82703..993605a65 100644
+--- a/channels/parallel/client/parallel_main.c
++++ b/channels/parallel/client/parallel_main.c
+@@ -159,7 +159,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp)
+ return ERROR_INVALID_DATA;
+ Stream_Read_UINT32(irp->input, Length);
+ Stream_Read_UINT64(irp->input, Offset);
+- buffer = (BYTE*)malloc(Length);
++ buffer = (BYTE*)calloc(Length, sizeof(BYTE));
+
+ if (!buffer)
+ {
+@@ -178,6 +178,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp)
+ }
+ else
+ {
++ Length = status;
+ }
+
+ Stream_Write_UINT32(irp->output, Length);
+--
+2.37.1
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-30 19:46:39 +0000