"Das U-Boot" Source Tree
cmd: elf: Prevent possible buffer overflow
In do_bootvx the environment variable 'bootdev' is fetched and copied
into a buffer without confirming that it will not overflow that buffer.
Use strlcpy to ensure that the buffer will not be overflowed.
This issue was found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
authored by
Andrew Goodbody
and committed by
Tom Rini
b83f865e
9b2e7941
+4
-2
+4
-2
cmd/elf.c
+4
-2
cmd/elf.c
···
21
21
#include <linux/linkage.h>
22
22
#endif
23
23
24
+
#define BOOTLINE_BUF_LEN 128
25
+
24
26
/* Interpreter command to boot an arbitrary ELF image from memory */
25
27
int do_bootelf(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
26
28
{
···
114
116
unsigned long bootaddr = 0; /* Address to put the bootline */
115
117
char *bootline; /* Text of the bootline */
116
118
char *tmp; /* Temporary char pointer */
117
-
char build_buf[128]; /* Buffer for building the bootline */
119
+
char build_buf[BOOTLINE_BUF_LEN]; /* Buffer for building the bootline */
118
120
int ptr = 0;
119
121
#ifdef CONFIG_X86
120
122
ulong base;
···
226
228
if (!bootline) {
227
229
tmp = env_get("bootdev");
228
230
if (tmp) {
229
-
strcpy(build_buf, tmp);
231
+
strlcpy(build_buf, tmp, BOOTLINE_BUF_LEN);
230
232
ptr = strlen(tmp);
231
233
} else {
232
234
printf("## VxWorks boot device not specified\n");