diff options
author | Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | 2021-11-15 19:26:51 +0100 |
---|---|---|
committer | Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | 2022-07-18 17:21:49 +0200 |
commit | 085cbdafca9c3d7bc2f27523a343f61db82f2ccb (patch) | |
tree | aac6a821e06f8f567979e47314fba75f73430de1 /boot | |
parent | 26f6f7fb5c0651d65afdee6d8ed36063606179a8 (diff) | |
download | u-boot-085cbdafca9c3d7bc2f27523a343f61db82f2ccb.tar.gz u-boot-085cbdafca9c3d7bc2f27523a343f61db82f2ccb.tar.bz2 u-boot-085cbdafca9c3d7bc2f27523a343f61db82f2ccb.zip |
pxe: simplify label_boot()
Coverity CID 131256 indicates a possible buffer overflow in label_boot().
This would only occur if the size of the downloaded file would exceed 4
GiB. But anyway we can simplify the code by using snprintf() and checking
the return value.
Addresses-Coverity-ID: 131256 ("Security best practices violations (STRING_OVERFLOW)")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Diffstat (limited to 'boot')
-rw-r--r-- | boot/pxe_utils.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c index b08aee9896..defbe465e4 100644 --- a/boot/pxe_utils.c +++ b/boot/pxe_utils.c @@ -532,11 +532,10 @@ static int label_boot(struct pxe_context *ctx, struct pxe_label *label) } initrd_addr_str = env_get("ramdisk_addr_r"); - strcpy(initrd_filesize, simple_xtoa(size)); - - strncpy(initrd_str, initrd_addr_str, 18); - strcat(initrd_str, ":"); - strncat(initrd_str, initrd_filesize, 9); + size = snprintf(initrd_str, sizeof(initrd_str), "%s:%lx", + initrd_addr_str, size); + if (size >= sizeof(initrd_str)) + return 1; } if (get_relfile_envaddr(ctx, label->kernel, "kernel_addr_r", |