mirrors/libfprint
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/libfprint/libfprint.git synced 2026-06-10 18:24:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

egis_etu905: Avoid potential wrong memory accesses

Browse Source
This commit is contained in:
Marco Trevisan (Treviño)
2026-06-08 13:44:13 +02:00
parent c6f9f094af
commit 65c3dcb1eb
1 changed files with 38 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libfprint/drivers/egismoc/egis_etu905.c
+38 -15
View File
@@ -110,11 +110,21 @@ egis_etu905_validate_response_prefix (const guchar *buffer_in,
const guchar *valid_prefix,
const gsize valid_prefix_len)
{
const gboolean result = memcmp (buffer_in +
(egis_etu905_read_prefix_len +
EGIS_ETU905_CHECK_BYTES_LENGTH),
valid_prefix,
valid_prefix_len) == 0;
FpiByteReader reader;
const guint8 *data = NULL;
gboolean result;
fpi_byte_reader_init (&reader, buffer_in, buffer_in_len);
if (!fpi_byte_reader_set_pos (&reader, egis_etu905_read_prefix_len +
EGIS_ETU905_CHECK_BYTES_LENGTH) ||
!fpi_byte_reader_get_data (&reader, valid_prefix_len, &data))
{
fp_dbg ("Response too short for prefix validation");
return FALSE;
}
result = memcmp (data, valid_prefix, valid_prefix_len) == 0;
fp_dbg ("Response prefix valid: %s", result ? "yes" : "NO");
return result;
@@ -126,9 +136,22 @@ egis_etu905_validate_response_suffix (const guchar *buffer_in,
const guchar *valid_suffix,
const gsize valid_suffix_len)
{
const gboolean result = memcmp (buffer_in + (buffer_in_len - valid_suffix_len),
valid_suffix,
valid_suffix_len) == 0;
FpiByteReader reader;
const guint8 *data = NULL;
gboolean result;
fpi_byte_reader_init (&reader, buffer_in, buffer_in_len);
/* Guard against unsigned underflow before computing the suffix position. */
if (valid_suffix_len > buffer_in_len ||
!fpi_byte_reader_set_pos (&reader, buffer_in_len - valid_suffix_len) ||
!fpi_byte_reader_get_data (&reader, valid_suffix_len, &data))
{
fp_dbg ("Response too short for suffix validation");
return FALSE;
}
result = memcmp (data, valid_suffix, valid_suffix_len) == 0;
fp_dbg ("Response suffix valid: %s", result ? "yes" : "NO");
return result;
@@ -1467,10 +1490,10 @@ egis_etu905_dev_init_handler (FpiSsm *ssm,
static void
egis_etu905_probe (FpDevice *device)
{
GUsbDevice *usb_dev;
GError *error = NULL;
g_autoptr(GError) error = NULL;
g_autofree gchar *serial = NULL;
FpiDeviceEgisEtu905 *self = FPI_DEVICE_EGIS_ETU905 (device);
GUsbDevice *usb_dev;
fp_dbg ("%s enter --> ", G_STRFUNC);
@@ -1479,7 +1502,7 @@ egis_etu905_probe (FpDevice *device)
if (!g_usb_device_open (usb_dev, &error))
{
fp_dbg ("%s g_usb_device_open failed %s", G_STRFUNC, error->message);
fpi_device_probe_complete (device, NULL, NULL, error);
fpi_device_probe_complete (device, NULL, NULL, g_steal_pointer (&error));
return;
}
@@ -1487,7 +1510,7 @@ egis_etu905_probe (FpDevice *device)
{
fp_dbg ("%s g_usb_device_reset failed %s", G_STRFUNC, error->message);
g_usb_device_close (usb_dev, NULL);
fpi_device_probe_complete (device, NULL, NULL, error);
fpi_device_probe_complete (device, NULL, NULL, g_steal_pointer (&error));
return;
}
@@ -1495,7 +1518,7 @@ egis_etu905_probe (FpDevice *device)
{
fp_dbg ("%s g_usb_device_claim_interface failed %s", G_STRFUNC, error->message);
g_usb_device_close (usb_dev, NULL);
fpi_device_probe_complete (device, NULL, NULL, error);
fpi_device_probe_complete (device, NULL, NULL, g_steal_pointer (&error));
return;
}
@@ -1512,7 +1535,7 @@ egis_etu905_probe (FpDevice *device)
g_usb_device_release_interface (fpi_device_get_usb_device (FP_DEVICE (device)),
0, 0, NULL);
g_usb_device_close (usb_dev, NULL);
fpi_device_probe_complete (device, NULL, NULL, error);
fpi_device_probe_complete (device, NULL, NULL, g_steal_pointer (&error));
return;
}
@@ -1526,7 +1549,7 @@ egis_etu905_probe (FpDevice *device)
g_usb_device_release_interface (fpi_device_get_usb_device (FP_DEVICE (device)), 0, 0, NULL);
g_usb_device_close (usb_dev, NULL);
fpi_device_probe_complete (device, serial, NULL, error);
fpi_device_probe_complete (device, serial, NULL, NULL);
}
static void