diff mbox series

[V2] BUG: buffer overflow with semantic version > 50

Message ID 20210503142544.106348-1-stefano.babic@babic.homelinux.org
State Accepted
Headers show
Series [V2] BUG: buffer overflow with semantic version > 50 | expand

Commit Message

Stefano Babic May 3, 2021, 2:25 p.m. UTC
From: Stefano Babic <sbabic@denx.de>

SWUpdate accepts long version string up to SWUPDATE_GENERAL_STRING_SIZE
(that is 255 bytes), but the semver library has a fixed buffer that was
set to 50, causing a buffer overflow. Set buffer for semver also to
SWUPDATE_GENERAL_STRING_SIZE that is the maximum version's length.

Signed-off-by: Stefano Babic <sbabic@denx.de>
Reported-by: Jörg Mohr <joerg.mohr@solectrix.de>

V2: bug reported by Jörg, added to commit message

 core/semver.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff mbox series


diff --git a/core/semver.c b/core/semver.c
index 763e7a0..67fc786 100644
--- a/core/semver.c
+++ b/core/semver.c
@@ -10,8 +10,9 @@ 
 #include <stdlib.h>
 #include <string.h>
 #include "semver.h"
+#include "globals.h"
-#define SLICE_SIZE   50
 #define DELIMITER    "."
 #define PR_DELIMITER "-"
 #define MT_DELIMITER "+"