From 52efd5a404f3c8ee64b62ed55c954a151e61153a Mon Sep 17 00:00:00 2001
From: Pali Rohár <pali.rohar@gmail.com>
Date: Wed, 26 Nov 2014 15:47:21 +0100
Subject: nolo: Check for return buffer size

---
 src/nolo.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/nolo.c')

diff --git a/src/nolo.c b/src/nolo.c
index 6953f49..6dce8a2 100644
--- a/src/nolo.c
+++ b/src/nolo.c
@@ -124,6 +124,9 @@ static int nolo_identify_string(struct usb_device_info * dev, const char * str,
 	if ( ret < 0 )
 		NOLO_ERROR_RETURN("NOLO_IDENTIFY failed", -1);
 
+	if ( (size_t)ret > sizeof(buf) )
+		ret = sizeof(buf);
+
 	ptr = memmem(buf, ret, str, strlen(str));
 	if ( ! ptr )
 		ERROR_RETURN("Substring was not found", -1);
@@ -167,6 +170,9 @@ static int nolo_get_string(struct usb_device_info * dev, char * str, char * out,
 	if ( ( ret = usb_control_msg(dev->udev, NOLO_QUERY, NOLO_GET_STRING, 0, 0, out, size-1, 2000) ) < 0 )
 		return -1;
 
+	if ( (size_t)ret > size-1 )
+		ret = size-1;
+
 	out[size-1] = 0;
 	out[ret] = 0;
 	return strlen(out);
-- 
cgit v1.2.3