[U-Boot,1/1] siemens: avoid out of bound access

Message ID	20190822195826.10142-1-xypron.glpk@gmx.de
State	Accepted
Commit	3c7166dbb464a65d9822cfee7c233a7d8c1a9672
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Heinrich Schuchardt <xypron.glpk@gmx.de> To: Albert Aribaud <albert.u.boot@aribaud.net> Date: Thu, 22 Aug 2019 21:58:26 +0200 Message-Id: <20190822195826.10142-1-xypron.glpk@gmx.de> MIME-Version: 1.0 Cc: Joe Hershberger <joe.hershberger@ni.com>, Heinrich Schuchardt <xypron.glpk@gmx.de>, u-boot@lists.denx.de Subject: [U-Boot] [PATCH 1/1] siemens: avoid out of bound access Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	[U-Boot,1/1] siemens: avoid out of bound access \| expand [U-Boot,1/1] siemens: avoid out of bound access

Message ID

20190822195826.10142-1-xypron.glpk@gmx.de

State

Accepted

Commit

3c7166dbb464a65d9822cfee7c233a7d8c1a9672

Delegated to:

Tom Rini

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=gmx.de
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	secure) header.d=gmx.net header.i=@gmx.net header.b="N6ZMHSg0";
	dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 46DwMd4DdPz9sMr
	for <incoming@patchwork.ozlabs.org>;
	Fri, 23 Aug 2019 05:58:51 +1000 (AEST)
Received: by lists.denx.de (Postfix, from userid 105)
	id C0DADC220D7; Thu, 22 Aug 2019 19:58:44 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, T_DKIM_INVALID
	autolearn=unavailable autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 3E10FC22066;
	Thu, 22 Aug 2019 19:58:43 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 71E07C22066; Thu, 22 Aug 2019 19:58:42 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15])
	by lists.denx.de (Postfix) with ESMTPS id 05F04C22047
	for <u-boot@lists.denx.de>; Thu, 22 Aug 2019 19:58:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
	s=badeba3b8450; t=1566503913;
	bh=u5pd6CU5Phb9WaZDI0mvgrbKO1acH3og3Hb/t40m0hI=;
	h=X-UI-Sender-Class:From:To:Cc:Subject:Date;
	b=N6ZMHSg0/mwZ3CM7+EiQeXXoPGLF5z+zyodtYdJmxQ3oWhq0AmhbtRW9XYeDsBM0u
	W/QPkGw+lWJHyI2r8lfVcj/RpiA1HX8zJIyJgUYv69rYniiRPp0G2qFqXqtvWd6uiu
	zLXxSUiRjcTjqZbkyOhpzqxmxo7nH5wsewmO/yPU=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from LT02.fritz.box ([84.118.159.3]) by mail.gmx.com (mrgmx002
	[212.227.17.184]) with ESMTPSA (Nemesis) id 0LdHqj-1iizKy1L1N-00iUxH;
	Thu, 22 Aug 2019 21:58:33 +0200
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: Albert Aribaud <albert.u.boot@aribaud.net>
Date: Thu, 22 Aug 2019 21:58:26 +0200
Message-Id: <20190822195826.10142-1-xypron.glpk@gmx.de>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
X-Provags-ID: V03:K1:A72Do6nTstYbo2ipmKVXwULOc+cmYo+G5oRdx3Py9Pr7sfatf/B
	480C8qg6C6+6/lL15WySZl/0FwY9n6z5tzd2lxzhCclXErp8gTCnH2lwq1o9pzEt9wPkxUz
	NZDyB1n/9KY2YQ8T1c81vCAbtd97SVql5RmkUY8JEgtg43kpqEdzHtlwszWpHqbfaZMPxAv
	fLZu9NOZZp3SMoNawWvKw==
X-UI-Out-Filterresults: notjunk:1; V03:K0:DrUJDJvyf4k=:GQMiQVgwpnlvgLCnhswuGc
	VtI2WZh0xncnPa7UWEczqbRMSXQeROphftNPTQ+2L08dd/20yk8a+C9Dk8NrBI4ypNhND+Jw4
	LDVzfje8WTAqGCvhFp/vBLrlZOpYbQPh1pSnzuRRb1A+0yZJ/zqCF9sMtDzcR3XnZ+EqKzywG
	36s6gpyZARnivQhlsyZ/tkc7haI6gLPGc3QxqsF49lEcWxG9HuO1yxQ7Ns1lylSPErBm+Lsxx
	hDoW8nWKsMODSD+NxGdnTlPnGH0MnUohovmahYKBVjtnUP0qR9jNu3LkaPvty4j+8pDbyshW4
	iqsTVPJNXcUaUUZcOOtf95VupdzckhA4d44z95dF35yrIngTaa39hDb1t+q0x+c7qW5HZZlN+
	thw92sM5kbwzuElZxA6jBcsJtMF6DihqF8HcOQ37/c6zIZ2UGqWLswYcEOAAbhyRU5cv6pn++
	LHNVB5wSpkeDmUj3U7YUxKfjRUIh9VWlSysEmKoZB5QUCO4rJgIlgrPgUtglKRyz1QZfX90QY
	e361Z1Fe/hKHq/l2Io1LUsQnHOxuPkPv86HAoSiH9JL12QhswpVEiObCeCJF8BkrtQcMetFrn
	oZeZVSOep9mzE7VZVCTrrB0+FNC1VjYVi9RvTduk9tdB/RwcqyGgjZpetjI/sYNFkWwfCZLyF
	gqVDdIj/0xV+4/WGhyjAKbb2sg0wE6hg2FHtvyTekueP66X4Te5mP/W8PHHm0XEuVvthulj4Q
	EnLs8KNZVY4uLuqULriufDErkKcdOv201S7GLwVkNYwr3KQnq2Sqk7WD9paBsombFaxgFWy8Y
	RA3tcCf50G0GorMOjIxabT8Xn0TJEsXhpgTWi+ekrmQZPWzoIXfGKTlpEwa3+syHOehuqmScR
	MOcjfL6AqZCoPPwIFaKMYjgROoSJcS3XzAMJzv6PPu9zAJx0Q+h8hYeNVabLq+XkuzYUiYOTb
	hsz+fp2RSIYdAoBihoJmDyg2ewhqaKOzT7cTdEuBG0XiMKHZ7gtedsGupJLzhtEL1b06DZkFJ
	hO1s+iFh/ft6l4Ux6bjLK+5hXsVH5Wn+hdFs8SXrOj7tVF7Jf2Ph3PYA9ldo5urVruAsBxoXf
	5maOJIXtbdA0kLjnceaJBTFh38MKcpOI6XVBHPQ6ltgDZzm6zBbw8Ykvg==
Cc: Joe Hershberger <joe.hershberger@ni.com>,
	Heinrich Schuchardt <xypron.glpk@gmx.de>, u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 1/1] siemens: avoid out of bound access
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Series

[U-Boot,1/1] siemens: avoid out of bound access | expand

Commit Message

Heinrich Schuchardt Aug. 22, 2019, 7:58 p.m. UTC

char num[1];
	sprintf(num, "%d", i);

leads to a buffer overrun.

Simplify the overly complex coding.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 board/siemens/common/board.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

--
2.20.1

Comments

Bin Meng Aug. 23, 2019, 3:30 a.m. UTC | #1

On Fri, Aug 23, 2019 at 3:59 AM Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
>
>         char num[1];
>         sprintf(num, "%d", i);
>
> leads to a buffer overrun.
>
> Simplify the overly complex coding.
>
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
> ---
>  board/siemens/common/board.c | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)
>

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>

Heiko Schocher Aug. 29, 2019, 5:38 a.m. UTC | #2

Hello Heinrich,

Am 22.08.2019 um 21:58 schrieb Heinrich Schuchardt:
> 	char num[1];
> 	sprintf(num, "%d", i);
> 
> leads to a buffer overrun.
> 
> Simplify the overly complex coding.
> 
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
> ---
>   board/siemens/common/board.c | 5 +----
>   1 file changed, 1 insertion(+), 4 deletions(-)

Thanks!

Acked-by: Heiko Schocher <hs@denx.de>

bye,
Heiko

Tom Rini Sept. 2, 2019, 2:13 p.m. UTC | #3

On Thu, Aug 22, 2019 at 09:58:26PM +0200, Heinrich Schuchardt wrote:

> char num[1];
> 	sprintf(num, "%d", i);
> 
> leads to a buffer overrun.
> 
> Simplify the overly complex coding.
> 
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
> Acked-by: Heiko Schocher <hs@denx.de>

Applied to u-boot/master, thanks!

diff --git a/board/siemens/common/board.c b/board/siemens/common/board.c
index 676935a843..75462d1c34 100644
--- a/board/siemens/common/board.c
+++ b/board/siemens/common/board.c
@@ -189,14 +189,11 @@  void set_env_gpios(unsigned char state)
 {
 	char *ptr_env;
 	char str_tmp[5];	/* must contain "ledX"*/
-	char num[1];
 	unsigned char i, idx, pos1, pos2, ccount;
 	unsigned char gpio_n, gpio_s0, gpio_s1;

 	for (i = 0; i < MAX_NR_LEDS; i++) {
-		strcpy(str_tmp, "led");
-		sprintf(num, "%d", i);
-		strcat(str_tmp, num);
+		sprintf(str_tmp, "led%d", i);

 		/* If env var is not found we stop */
 		ptr_env = env_get(str_tmp);

[U-Boot,1/1] siemens: avoid out of bound access

Commit Message

Comments

Patch