hplip uses insecure memcpy
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
HPLIP | New | Undecided | Unassigned |
Bug Description
Hello,
While using hplip 3.6.11 on LEDE (https:/
io/hpmud/
```c
len = size-1; /* leave byte for zero termination */
if (len > 2)
    len -= 2;
memcpy(buffer, buffer+2, len); /* remove length */
buffer[len]=0;
DBG("read actual device_id successfully fd=%d len=%d\n", fd, len);
```
memcpy should never be used with overlapping memory regions (http://
I do have a patch for it, but I guess it is too trivial to be used. It simply replaces memcpy with memmove:
https:/
I'm not sure if this could be a security vulnerability (probably not).
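The in-place prefix removal described in the report, written with memmove, as an added example that is not part of the original report or of hplip's code. The names `ranges_overlap`, `strip_length_prefix` and `sample`, the `raw_len`/`cap` parameters, and the sample device ID are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 2-byte length prefix followed by a made-up ID string. */
static char sample[32] = "\x00\x15" "MFG:HP;MDL:Example;";

/* Returns 1 when [dst, dst+n) and [src, src+n) share at least one byte.
 * That is the case where memcpy() has undefined behaviour and
 * memmove() is the correct call. */
static int ranges_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return n != 0 && (d < s ? s - d < n : d - s < n);
}

/* Hypothetical helper: remove the 2-byte length prefix in place.
 * raw_len is the number of valid bytes in buffer (prefix included),
 * cap is the buffer capacity. Returns the length of the resulting
 * NUL-terminated string, or -1 on invalid arguments. */
static int strip_length_prefix(char *buffer, size_t raw_len, size_t cap)
{
    size_t len;

    if (buffer == NULL || cap == 0 || raw_len > cap)
        return -1;
    if (raw_len < 2) {              /* nothing after the prefix */
        buffer[0] = '\0';
        return 0;
    }
    len = raw_len - 2;              /* len <= cap - 2, so buffer[len] is in bounds */
    memmove(buffer, buffer + 2, len); /* source and destination overlap */
    buffer[len] = '\0';
    return (int)len;
}

int main(void)
{
    printf("overlap: %d\n", ranges_overlap(sample, sample + 2, 19));
    printf("len: %d\n", strip_length_prefix(sample, 21, sizeof sample));
    printf("id: %s\n", sample);
    return 0;
}
```

With a 2-byte shift, any copy longer than 2 bytes overlaps, so every realistic device ID hits the undefined memcpy case.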
Pinging again...
This bug is still present in hplip-3.18.6 and it has a patch (link in comments). Please, fix upstream.