* [PATCH] term/serial: Ensure proper NULL termination after grub_strncpy
@ 2023-07-14 20:33 Glenn Washburn
2023-10-05 16:19 ` Daniel Kiper
0 siblings, 1 reply; 2+ messages in thread
From: Glenn Washburn @ 2023-07-14 20:33 UTC (permalink / raw)
To: grub-devel, Daniel Kiper; +Cc: Glenn Washburn
A large enough argument to the --port option could cause a string buffer
to be not NULL terminated because grub_strncpy() does not guarantee NULL
termination if copied string is longer than max characters to copy.
Fixes: 712309eaae04 (term/serial: Use grub_strncpy() instead of grub_snprintf() when only copying string)
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
grub-core/term/serial.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/grub-core/term/serial.c b/grub-core/term/serial.c
index 869555430153..8260dcb7a87a 100644
--- a/grub-core/term/serial.c
+++ b/grub-core/term/serial.c
@@ -257,7 +257,10 @@ grub_cmd_serial (grub_extcmd_context_t ctxt, int argc, char **args)
{
if (grub_strncmp (state[OPTION_PORT].arg, "mmio,", sizeof ("mmio,") - 1) == 0 ||
grub_strncmp (state[OPTION_PORT].arg, "pci,", sizeof ("pci,") - 1) == 0)
- grub_strncpy (pname, state[1].arg, sizeof (pname));
+ {
+ grub_strncpy (pname, state[1].arg, sizeof (pname));
+ pname[sizeof (pname) - 1] = '\0';
+ }
else
grub_snprintf (pname, sizeof (pname), "port%lx",
grub_strtoul (state[1].arg, 0, 0));
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] term/serial: Ensure proper NULL termination after grub_strncpy
2023-07-14 20:33 [PATCH] term/serial: Ensure proper NULL termination after grub_strncpy Glenn Washburn
@ 2023-10-05 16:19 ` Daniel Kiper
0 siblings, 0 replies; 2+ messages in thread
From: Daniel Kiper @ 2023-10-05 16:19 UTC (permalink / raw)
To: Glenn Washburn; +Cc: grub-devel
On Fri, Jul 14, 2023 at 03:33:19PM -0500, Glenn Washburn wrote:
> A large enough argument to the --port option could cause a string buffer
> to be not NULL terminated because grub_strncpy() does not guarantee NULL
> termination if copied string is longer than max characters to copy.
>
> Fixes: 712309eaae04 (term/serial: Use grub_strncpy() instead of grub_snprintf() when only copying string)
> Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Daniel
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-10-05 16:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-07-14 20:33 [PATCH] term/serial: Ensure proper NULL termination after grub_strncpy Glenn Washburn
2023-10-05 16:19 ` Daniel Kiper
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.