authorDenis Kenzior <denkenz@gmail.com>2015-06-30 16:58:36 -0500
committerDenis Kenzior <denkenz@gmail.com>2015-06-30 16:58:36 -0500
commitfceb5a41c25a622755ce6235091354d044de769a (patch)
tree7cc4220b86b720a13a628e4cad0005c6ee1d54df /src
parent48da783732151772f966a7f8f1629131fd6261aa (diff)
handsfree: Fix potential buffer overflow
Function: ag_features_list static const char *list[10]; (Out of bounds write, line 75) Incrementing i the value is now 10, for "hf-indicators" Reported by: blanca.e.sabas.rosales@intel.com
Diffstat (limited to 'src')
-rw-r--r--src/handsfree.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/handsfree.c b/src/handsfree.c
index 30ab7022..a97dee06 100644
--- a/src/handsfree.c
+++ b/src/handsfree.c
@@ -72,7 +72,11 @@ struct ofono_handsfree {
static const char **ag_features_list(unsigned int features,
unsigned int chld_features)
{
- static const char *list[10];
+ /*
+ * BRSF response is a 32-bit unsigned int. Only 32 entries are posible,
+ * and we do not ever report the presence of bit 8.
+ */
+ static const char *list[32];
unsigned int i = 0;
if (features & HFP_AG_FEATURE_3WAY)
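Review bot: The new size of 32 for `list` is justified in the added comment only by the width of the BRSF bitmask, but the function also takes `chld_features`, and nothing in the hunk ties the array size to the number of `list[i++]` appends. If entries are also appended for `chld_features` bits, or a terminating NULL is stored after the last entry (the rest of the body is outside the hunk, so this is an assumption), that argument does not cover the worst case, and the same out-of-bounds write could return when another feature string is added. Consider guarding each append, e.g. `if (i < sizeof(list) / sizeof(list[0]) - 1)` before `list[i++] = ...`, or extending the comment to count the `chld_features` entries and the terminator explicitly. The comment also has a typo: `posible` should be `possible`.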