From 7f7a7c850e404d24cd3bc9d2b9b408287e4e0ba0 Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Sun, 21 Jul 2019 08:05:22 +0200
Subject: osmocon: Fix out-of-bounds for partial reads in un_tool_read()

"uint8_t buf[4096]; ... &buf + 1" renders an offset of 4096, and not 1!

Change-Id: Ie1407371fe949c3d5746b9fdc32ececc9443692b
Closes: CID#198580
---
 src/host/osmocon/osmocon.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/host/osmocon')
diff --git a/src/host/osmocon/osmocon.c b/src/host/osmocon/osmocon.c
index 26416f76..9090d276 100644
--- a/src/host/osmocon/osmocon.c
+++ b/src/host/osmocon/osmocon.c
@@ -1242,7 +1242,7 @@ static int un_tool_read(struct osmo_fd *fd, unsigned int flags)
 c = 0;
 while(c < 2) {
- rc = read(fd->fd, &buf + c, 2 - c);
+ rc = read(fd->fd, buf + c, 2 - c);
 if(rc == 0) {
 // disconnect
 goto close;
@@ -1262,7 +1262,7 @@ static int un_tool_read(struct osmo_fd *fd, unsigned int flags)
 c = 0;
 while(c < length) {
- rc = read(fd->fd, &buf + c, length - c);
+ rc = read(fd->fd, buf + c, length - c);
 if(rc == 0) {
 // disconnect
 goto close;
--
cgit v1.2.3
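Review bot: The second loop (`while(c < length)`) still lets `read()` write up to `length` bytes into `buf`, and nothing visible in the hunk bounds `length` by the buffer size. The commit message gives the buffer as `uint8_t buf[4096]`; if `length` is taken from the two-byte prefix filled by the first loop (that assignment is outside the hunk, so this is inferred), a peer on the tool socket can announce up to 65535 bytes and the read would run past the end of the stack buffer even with the corrected pointer arithmetic. A guard before the loop such as `if (length > sizeof(buf)) goto close;` would reject oversized frames. un_tool_read() starts and ends outside both hunks, so an existing check between the two loops cannot be ruled out from here.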