diff options
| author | Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | 2023-09-29 02:47:17 +0200 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2023-10-09 15:24:31 -0400 |
| commit | 6da11cc81ea773d9a1e3059da311c6f2e2aeb6ef (patch) | |
| tree | f263b4f7a655ae63af68784be4dd834858a8095c | |
| parent | 6a1e0ae43e2108a88e022103b3b303c9f4964a64 (diff) | |
stdio: fix stdio_deregister_dev()
When copying the name of a stdio device we must ensure that it is NUL
terminated before passing it to strcmp() to avoid a buffer overrun.
Truncating the name field leads to failure to deregister a stdio device.
When copying we must ensure that the name field sizes match.
Addresses-Coverity-ID: 350462 String not null terminated
Fixes: 5294e97832a6 ("stdio: extend "name" to 32 symbols")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
| -rw-r--r-- | common/stdio.c | 6 | ||||
| -rw-r--r-- | include/stdio_dev.h | 3 |
2 files changed, 5 insertions, 4 deletions
diff --git a/common/stdio.c b/common/stdio.c index 010bf576af0..e3354f092dc 100644 --- a/common/stdio.c +++ b/common/stdio.c @@ -259,7 +259,7 @@ int stdio_register(struct stdio_dev *dev) int stdio_deregister_dev(struct stdio_dev *dev, int force) { struct list_head *pos; - char temp_names[3][16]; + char temp_names[3][STDIO_NAME_LEN]; int i; /* get stdio devices (ListRemoveItem changes the dev list) */ @@ -272,8 +272,8 @@ int stdio_deregister_dev(struct stdio_dev *dev, int force) /* Device is assigned -> report error */ return -EBUSY; } - memcpy(&temp_names[i][0], stdio_devices[i]->name, - sizeof(temp_names[i])); + strlcpy(&temp_names[i][0], stdio_devices[i]->name, + sizeof(temp_names[i])); } list_del(&dev->list); diff --git a/include/stdio_dev.h b/include/stdio_dev.h index 7f181020524..4e3c4708f80 100644 --- a/include/stdio_dev.h +++ b/include/stdio_dev.h @@ -17,6 +17,7 @@ #define DEV_FLAGS_INPUT 0x00000001 /* Device can be used as input console */ #define DEV_FLAGS_OUTPUT 0x00000002 /* Device can be used as output console */ #define DEV_FLAGS_DM 0x00000004 /* Device priv is a struct udevice * */ +#define STDIO_NAME_LEN 32 int stdio_file_to_flags(const int file); @@ -24,7 +25,7 @@ int stdio_file_to_flags(const int file); struct stdio_dev { int flags; /* Device flags: input/output/system */ int ext; /* Supported extensions */ - char name[32]; /* Device name */ + char name[STDIO_NAME_LEN]; /* Device name */ /* GENERAL functions */ |