From fa7c60eb0c450a5b649810dc99bfbe1dd6f0ced5 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Wed, 12 Aug 2015 17:44:28 +0300
Subject: [PATCH] tools/hciattach: Fix not checking the size given to strcat

strcat will attempt to append the 2 strings but it assumes the
destination is big enough to hold the result.
---
 tools/hciattach.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/hciattach.c b/tools/hciattach.c
index 4dc5be563..59a76a7a1 100644
--- a/tools/hciattach.c
+++ b/tools/hciattach.c
@@ -1358,6 +1358,12 @@ int main(int argc, char *argv[])
 			dev[0] = 0;
 			if (!strchr(opt, '/'))
 				strcpy(dev, "/dev/");
+
+			if (strlen(opt) > PATH_MAX - (strlen(dev) + 1)) {
+				fprintf(stderr, "Invalid serial device\n");
+				exit(1);
+			}
+
 			strcat(dev, opt);
 			break;
 
-- 
2.47.3