From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 054F1C433EF
	for <u-boot@archiver.kernel.org>; Sun,  3 Apr 2022 10:39:46 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id C7AD483AF9;
	Sun,  3 Apr 2022 12:39:30 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="BU6dr/x1";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 5DE4483994; Sun,  3 Apr 2022 12:39:27 +0200 (CEST)
Received: from mail-wm1-x34a.google.com (mail-wm1-x34a.google.com
 [IPv6:2a00:1450:4864:20::34a])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id EDD9A839AA
 for <u-boot@lists.denx.de>; Sun,  3 Apr 2022 12:39:22 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: phobos.denx.de; spf=pass
 smtp.mailfrom=3WnlJYgYKBosp7r900v33v0t.r319-q3380x787.st2C.st@flex--ascull.bounces.google.com
Received: by mail-wm1-x34a.google.com with SMTP id
 r64-20020a1c2b43000000b0038b59eb1940so4023964wmr.0
 for <u-boot@lists.denx.de>; Sun, 03 Apr 2022 03:39:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112;
 h=date:in-reply-to:message-id:mime-version:references:subject:from:to
 :cc; bh=yjOhJg+CgHDGktMUvA1M3Fc88UXarrhfV0liYEoauP4=;
 b=BU6dr/x1Jo2teeIYjcKgZHktuDotDQpBqimZvahTHEVEbW4r/7/bo17UBSpXrVjXqR
 VXlYqI7SHo8xrWb11bNkMOjqq3euDo4PM2JnhVzFvyLQQjPvdPCbj2C8xNUKw7sSUmAR
 3/xcYs+j92DuiODOb5u0X01jMKaZdccmUvALZelTwOd178+u0G6YpR+vy4QLRDTx7uZK
 bFXq8ksWRnXv0SX4T3zflR3NMbmK6386HnBOPNoUVV4KeCfvhWl6nMsVrgdwX9us1ZDk
 f9vNor35+XkikNdp5dfW0YYkmEgp9F94X6AUabgR8G5eUqApnj8oy5O5cfMCeDcycNx0
 fnXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:in-reply-to:message-id:mime-version
 :references:subject:from:to:cc;
 bh=yjOhJg+CgHDGktMUvA1M3Fc88UXarrhfV0liYEoauP4=;
 b=EUUrC2G/Ydoc4/QiqypMe0VPraiFOWv+idQyakmfqPvcEZc4aefuUpyemaOhzbIIwu
 Sygv54H/4CugYeEp+ZQVJHpc3kECC4e550oKh7JjumX8/FBc60KRE59jTBSFjRL3wZai
 cfF9sUDS7aQBCDpKjR5eXXF6U8PDDRYqaniP7wlnZkRPFf+MumllB1bAGmOfaVgicEbP
 0gNZtAaNAmuD9nl/VfRBp/vVibZwfVhCwQG3YyjHfmGxrFtHRHz4Hx+nRQVaCCgOmzfg
 qyBtQVKFzuWOLuuWHvq+2v8szmPSuXHoNPwHsOB8PkPdIDHXmNw8L5O5mHE6rL8KO/2Y
 RfmQ==
X-Gm-Message-State: AOAM533SMciRnsleHzLQJH828HJJ0HzXOgJbEOWaZdGgKx99gk4xwS+R
 b/NlGAU7xWKyvPYRPGzVe1Nxpx7v3EslttvrjKY2SjahjoFI7ayjD5a1UsFQWWib5TmEzOM6N/J
 MZaM59z7xGHrOBuJ+wQ7uzthjQ02uBCFZwDrZSMGRam3poDKVR0T2aZcPQCA=
X-Google-Smtp-Source: ABdhPJyYOWmwpHArD2DxoRLyRNUplBpjPnRz80pnXzQ1LaKKXr2EY3BPAItyF5g8vknb1b3gFxMXlS+30+k=
X-Received: from ascull.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:1510])
 (user=ascull job=sendgmr) by 2002:a05:600c:4e91:b0:38c:c1ac:c018 with SMTP id
 f17-20020a05600c4e9100b0038cc1acc018mr15650057wmq.189.1648982362568; Sun, 03
 Apr 2022 03:39:22 -0700 (PDT)
Date: Sun,  3 Apr 2022 10:39:09 +0000
In-Reply-To: <20220403103915.3338027-1-ascull@google.com>
Message-Id: <20220403103915.3338027-3-ascull@google.com>
Mime-Version: 1.0
References: <20220403103915.3338027-1-ascull@google.com>
X-Mailer: git-send-email 2.35.1.1094.g7c7d902a7c-goog
Subject: [PATCH 2/8] acpi: Fix buffer overflow in do_acpi_dump()
From: Andrew Scull <ascull@google.com>
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, seanga2@gmail.com, Andrew Scull <ascull@google.com>, 
 Wolfgang Wallner <wolfgang.wallner@br-automation.com>,
 Bin Meng <bmeng.cn@gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de
X-Virus-Status: Clean

When do_acpi_dump() converts the table name to upper case, pass the
actual size of the output buffer so that the null terminator doesn't get
written beyond the end of the buffer.

Signed-off-by: Andrew Scull <ascull@google.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Cc: Bin Meng <bmeng.cn@gmail.com>
---
 cmd/acpi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/acpi.c b/cmd/acpi.c
index c543f1e3c2..0e473b415d 100644
--- a/cmd/acpi.c
+++ b/cmd/acpi.c
@@ -178,7 +178,7 @@ static int do_acpi_dump(struct cmd_tbl *cmdtp, int flag, int argc,
 		printf("Table name '%s' must be four characters\n", name);
 		return CMD_RET_FAILURE;
 	}
-	str_to_upper(name, sig, -1);
+	str_to_upper(name, sig, ACPI_NAME_LEN);
 	ret = dump_table_name(sig);
 	if (ret) {
 		printf("Table '%.*s' not found\n", ACPI_NAME_LEN, sig);
-- 
2.35.1.1094.g7c7d902a7c-goog