summaryrefslogtreecommitdiff
path: root/boot
diff options
context:
space:
mode:
authorHeinrich Schuchardt <heinrich.schuchardt@canonical.com>2021-11-15 19:26:51 +0100
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>2022-07-18 17:21:49 +0200
commit085cbdafca9c3d7bc2f27523a343f61db82f2ccb (patch)
treeaac6a821e06f8f567979e47314fba75f73430de1 /boot
parent26f6f7fb5c0651d65afdee6d8ed36063606179a8 (diff)
downloadu-boot-085cbdafca9c3d7bc2f27523a343f61db82f2ccb.tar.gz
u-boot-085cbdafca9c3d7bc2f27523a343f61db82f2ccb.tar.bz2
u-boot-085cbdafca9c3d7bc2f27523a343f61db82f2ccb.zip
pxe: simplify label_boot()
Coverity CID 131256 indicates a possible buffer overflow in label_boot(). This would only occur if the size of the downloaded file would exceed 4 GiB. But anyway we can simplify the code by using snprintf() and checking the return value. Addresses-Coverity-ID: 131256 ("Security best practices violations (STRING_OVERFLOW)") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Diffstat (limited to 'boot')
-rw-r--r--boot/pxe_utils.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
index b08aee9896..defbe465e4 100644
--- a/boot/pxe_utils.c
+++ b/boot/pxe_utils.c
@@ -532,11 +532,10 @@ static int label_boot(struct pxe_context *ctx, struct pxe_label *label)
}
initrd_addr_str = env_get("ramdisk_addr_r");
- strcpy(initrd_filesize, simple_xtoa(size));
-
- strncpy(initrd_str, initrd_addr_str, 18);
- strcat(initrd_str, ":");
- strncat(initrd_str, initrd_filesize, 9);
+ size = snprintf(initrd_str, sizeof(initrd_str), "%s:%lx",
+ initrd_addr_str, size);
+ if (size >= sizeof(initrd_str))
+ return 1;
}
if (get_relfile_envaddr(ctx, label->kernel, "kernel_addr_r",