summaryrefslogtreecommitdiff
path: root/cmd
diff options
context:
space:
mode:
authorTom Rini <trini@konsulko.com>2017-09-26 19:37:11 -0400
committerTom Rini <trini@konsulko.com>2017-10-06 11:28:21 -0400
commitc667723ffb50b00585b729ee0da7b0e8c93ffa13 (patch)
tree651a3afb5ee2a5526911108dfa41d5cc755f5b2e /cmd
parente2e6daed5a801e361d03f98e2eb770ca4fccca2c (diff)
downloadu-boot-c667723ffb50b00585b729ee0da7b0e8c93ffa13.tar.gz
u-boot-c667723ffb50b00585b729ee0da7b0e8c93ffa13.tar.bz2
u-boot-c667723ffb50b00585b729ee0da7b0e8c93ffa13.zip
cmd/nvedit.c: Update input handling to cover overflow cases
When we have multiple messages provided, we need to be sure that we do not exceed the length of our 'message' buffer. In the for loop, make sure that pos is not larger than message. Only copy in at most however much of the message buffer remains. Finally, if we have not reached the end of the message buffer, put in a space and NULL, and if we have, ensure the buffer is now NULL termined. Reported-by: Coverity (CID: 165116) Signed-off-by: Tom Rini <trini@konsulko.com>
Diffstat (limited to 'cmd')
-rw-r--r--cmd/nvedit.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/cmd/nvedit.c b/cmd/nvedit.c
index 228e904e1d..8752ff475a 100644
--- a/cmd/nvedit.c
+++ b/cmd/nvedit.c
@@ -393,15 +393,18 @@ int do_env_ask(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
sprintf(message, "Please enter '%s': ", argv[1]);
} else {
/* env_ask envname message1 ... messagen [size] */
- for (i = 2, pos = 0; i < argc; i++) {
+ for (i = 2, pos = 0; i < argc && pos < sizeof(message); i++) {
if (pos)
message[pos++] = ' ';
- strcpy(message + pos, argv[i]);
+ strncpy(message + pos, argv[i], sizeof(message) - pos);
pos += strlen(argv[i]);
}
- message[pos++] = ' ';
- message[pos] = '\0';
+ if (pos < sizeof(message) - 1) {
+ message[pos++] = ' ';
+ message[pos] = '\0';
+ } else
+ message[CONFIG_SYS_CBSIZE - 1] = '\0';
}
if (size >= CONFIG_SYS_CBSIZE)