diff mbox

[U-Boot,v4,1/1] usb: gadget: avoid variable name clipping in cb_getvar

Message ID CAJZhe_h63N++-yZMwEezszywX=rk9SkzyLkgQVghkrk0+6OK4Q@mail.gmail.com
State Superseded
Delegated to: Ɓukasz Majewski
Headers show

Commit Message

Nicolas le bayon March 13, 2017, 10:30 a.m. UTC 
From: Nicolas Le Bayon <nlebayon@gmail.com>

Instead of using a fixed-size array to store variable name, preferring a
dynamic allocation treats correctly all variable name lengths.
Variable names are growing through releases and features. By this way, name
clipping is prevented.

Signed-off-by: Nicolas Le Bayon <nlebayon@gmail.com>
---
 drivers/usb/gadget/f_fastboot.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

                        strncat(response, s, chars_left);
@@ -442,6 +449,8 @@ static void cb_getvar(struct usb_ep *ep, struct
usb_request *req)
                        printf("WARNING: unknown variable: %s\n", cmd);
                        strcpy(response, "FAILVariable not implemented");
                }
+
+               free(envstr);
        }
        fastboot_tx_write_str(response);
 }
--
1.9.1

Comments

Marek Vasut March 16, 2017, 10:23 p.m. UTC | #1 
On 03/13/2017 11:30 AM, Nicolas le bayon wrote:
> From: Nicolas Le Bayon <nlebayon@gmail.com>
> 
> Instead of using a fixed-size array to store variable name, preferring a
> dynamic allocation treats correctly all variable name lengths.
> Variable names are growing through releases and features. By this way, name
> clipping is prevented.
> 
> Signed-off-by: Nicolas Le Bayon <nlebayon@gmail.com>
> ---
>  drivers/usb/gadget/f_fastboot.c | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_
> fastboot.c
> index 2160b1c..11005e0 100644
> --- a/drivers/usb/gadget/f_fastboot.c
> +++ b/drivers/usb/gadget/f_fastboot.c
> @@ -432,9 +432,16 @@ static void cb_getvar(struct usb_ep *ep, struct
> usb_request *req)
>                 else
>                         strcpy(response, "FAILValue not set");
>         } else {
> -               char envstr[32];
> +               char *envstr;
> 
> -               snprintf(envstr, sizeof(envstr) - 1, "fastboot.%s", cmd);
> +               envstr = malloc(strlen("fastboot.") + strlen(cmd) + 1);
> +               if (!envstr) {
> +                       error("malloc fail");

Just drop the error() here ... if your malloc failed, you're screwed anyway.

The rest looks OK IMO .

> +                       fastboot_tx_write_str("FAILmalloc error");
> +                       return;
> +               }
> +
> +               sprintf(envstr, "fastboot.%s", cmd);
>                 s = getenv(envstr);
>                 if (s) {
>                         strncat(response, s, chars_left);
> @@ -442,6 +449,8 @@ static void cb_getvar(struct usb_ep *ep, struct
> usb_request *req)
>                         printf("WARNING: unknown variable: %s\n", cmd);
>                         strcpy(response, "FAILVariable not implemented");
>                 }
> +
> +               free(envstr);
>         }
>         fastboot_tx_write_str(response);
>  }
> --
> 1.9.1
>
diff mbox

Patch

diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_
fastboot.c
index 2160b1c..11005e0 100644
--- a/drivers/usb/gadget/f_fastboot.c
+++ b/drivers/usb/gadget/f_fastboot.c
@@ -432,9 +432,16 @@  static void cb_getvar(struct usb_ep *ep, struct
usb_request *req)
                else
                        strcpy(response, "FAILValue not set");
        } else {
-               char envstr[32];
+               char *envstr;

-               snprintf(envstr, sizeof(envstr) - 1, "fastboot.%s", cmd);
+               envstr = malloc(strlen("fastboot.") + strlen(cmd) + 1);
+               if (!envstr) {
+                       error("malloc fail");
+                       fastboot_tx_write_str("FAILmalloc error");
+                       return;
+               }
+
+               sprintf(envstr, "fastboot.%s", cmd);
                s = getenv(envstr);
                if (s) {