From 730bdc33e79ce8593252a6c950c549c38144909b Mon Sep 17 00:00:00 2001 From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 Subject: [PATCH] proc/devname.c: Prevent off-by-one overflow in dev_to_tty(). --- proc/devname.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proc/devname.c b/proc/devname.c index 74290791..f673a417 100644 --- a/proc/devname.c +++ b/proc/devname.c @@ -348,7 +348,7 @@ abbrev: if((flags&ABBREV_TTY) && !strncmp(tmp,"tty", 3) && tmp[3]) tmp += 3; if((flags&ABBREV_PTS) && !strncmp(tmp,"pts/", 4) && tmp[4]) tmp += 4; /* gotta check before we chop or we may chop someone else's memory */ - if(chop + (unsigned long)(tmp-buf) <= sizeof buf) + if(chop + (unsigned long)(tmp-buf) < sizeof buf) tmp[chop] = '\0'; /* replace non-ASCII characters with '?' and return the number of chars */ for(;;){