[U-Boot] [PATCH v2 2/2] image: Protect against overflow in unknown_msg()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Siarhei Siamashka <siarhei.siamashka@gmail.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v2 2/2] image: Protect against overflow in unknown_msg()
Date: Fri, 28 Oct 2016 04:22:57 +0300	[thread overview]
Message-ID: <20161028042257.04f5049d@i7> (raw)
In-Reply-To: <1477615121-9968-2-git-send-email-sjg@chromium.org>

On Thu, 27 Oct 2016 18:38:40 -0600
Simon Glass <sjg@chromium.org> wrote:

> Coverity complains that this can overflow. If we later increase the size
> of one of the strings in the table, it could happen.
> 
> Adjust the code to protect against this.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Reported-by: Coverity (CID: 150964)
> ---
> 
> Changes in v2:
> - Drop unwanted #include
> 
>  common/image.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/common/image.c b/common/image.c
> index 0e86c13..4255267 100644
> --- a/common/image.c
> +++ b/common/image.c
> @@ -590,7 +590,7 @@ static const char *unknown_msg(enum ih_category category)
>  	static char msg[30];
>  
>  	strcpy(msg, "Unknown ");
> -	strcat(msg, table_info[category].desc);
> +	strncat(msg, table_info[category].desc, sizeof(msg) - 1);

"man strncat" on my system says:

       char *strncat(char *dest, const char *src, size_t n);

       ...

       If src contains n or more bytes, strncat() writes n+1 bytes to
       dest (n from src plus the terminating null byte).  Therefore,
       the size of dest must be at least strlen(dest)+n+1.

>  
>  	return msg;
>  }


-- 
Best regards,
Siarhei Siamashka

next prev parent reply	other threads:[~2016-10-28  1:22 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-10-28  0:38 [U-Boot] [PATCH v2 2/2] image: Protect against overflow in unknown_msg() Simon Glass
2016-10-28  1:22 ` Siarhei Siamashka [this message]
2016-10-28  2:18   ` Simon Glass
  -- strict thread matches above, loose matches on Subject: below --
2016-10-27 23:54 [U-Boot] [PATCH v2 1/2] mkimage: Fix missing free() in show_valid_options() Simon Glass
2016-10-27 23:54 ` [U-Boot] [PATCH v2 2/2] image: Protect against overflow in unknown_msg() Simon Glass

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20161028042257.04f5049d@i7 \
    --to=siarhei.siamashka@gmail.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.