linux-sunxi/u-boot-sunxi
1
0
Fork 0
mirror of https://github.com/linux-sunxi/u-boot-sunxi.git synced 2024-02-12 11:16:03 +08:00
Code Issues Projects Releases Wiki Activity

hush shell: Avoid string write overflow when entering max cmd length

Browse Source 
console_buffer array is defined to be CONFIG_SYS_CBSIZE + 1 long,
whereas the_command array only CONFIG_SYS_CBSIZE long. Subsequent
use of strcpy(the_command, console_buffer) will write final \0
terminating byte outside the_command array when entering a command
of max length.

Signed-off-by: Kristian Otnes <kotnes <at> cisco <dot> com>
This commit is contained in:
Kristian Otnes
2014-04-25 15:35:43 +02:00
committed by Tom Rini
parent bf69d66423
commit 5c50a92bbe
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
common/hush.c
View File

@ -996,7 +996,7 @@ static void get_user_input(struct in_str *i)
i->p = the_command;
#else
int n;
static char the_command[CONFIG_SYS_CBSIZE];
static char the_command[CONFIG_SYS_CBSIZE + 1];
#ifdef CONFIG_BOOT_RETRY_TIME
# ifndef CONFIG_RESET_TO_RETRY