Skip to content

Commit

Permalink
drivers/cmsis_dap: Fix buffer overflow in cmsis_dap_hid_open()
Browse files Browse the repository at this point in the history 
Use mbstowcs() to get required length of wide character string and
include space for terminating null wide character.

Change-Id: I668de6f0acc9b3ec5aca033d870dd9ef354f9077
Signed-off-by: Marcus Nilsson <brainbomb@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/8232
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
  • Loading branch information
@metmo @borneoa
metmo authored and borneoa committed Sep 7, 2024
1 parent 4680d6e commit e01e180
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions src/jtag/drivers/cmsis_dap_usb_hid.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,8 +121,12 @@ static int cmsis_dap_hid_open(struct cmsis_dap *dap, uint16_t vids[], uint16_t p
break;

if (cur_dev->serial_number) {
size_t len = (strlen(serial) + 1) * sizeof(wchar_t);
wchar_t *wserial = malloc(len);
size_t len = mbstowcs(NULL, serial, 0) + 1;
wchar_t *wserial = malloc(len * sizeof(wchar_t));
if (!wserial) {
LOG_ERROR("unable to allocate serial number buffer");
return ERROR_FAIL;
}
mbstowcs(wserial, serial, len);

if (wcscmp(wserial, cur_dev->serial_number) == 0) {
Expand Down

0 comments on commit e01e180

Please sign in to comment.