| Message ID | 1423809223-24219-2-git-send-email-dileep.katta@linaro.org |
|---|---|
| State | Accepted |
| Delegated to: | Łukasz Majewski |
| Headers | show |
On 15-02-12 10:33 PM, Dileep Katta wrote: > If the string is copied without NULL termination using strncpy(), > then strncat() on the next line, may concatenate the string after > some stale (or random) data, if the response string was not > zero-initialized. > > Signed-off-by: Dileep Katta <dileep.katta@linaro.org> > --- > common/fb_mmc.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/common/fb_mmc.c b/common/fb_mmc.c > index 3911989..73055cc 100644 > --- a/common/fb_mmc.c > +++ b/common/fb_mmc.c > @@ -23,13 +23,13 @@ static char *response_str; > > void fastboot_fail(const char *s) > { > - strncpy(response_str, "FAIL", 4); > + strncpy(response_str, "FAIL\0", 5); > strncat(response_str, s, RESPONSE_LEN - 4 - 1); > } > > void fastboot_okay(const char *s) > { > - strncpy(response_str, "OKAY", 4); > + strncpy(response_str, "OKAY\0", 5); > strncat(response_str, s, RESPONSE_LEN - 4 - 1); > } > > THANKS! Reviewed-by: Steve Rae <srae@broadcom.com>
Hi Dileep, > If the string is copied without NULL termination using strncpy(), > then strncat() on the next line, may concatenate the string after > some stale (or random) data, if the response string was not > zero-initialized. > > Signed-off-by: Dileep Katta <dileep.katta@linaro.org> > --- > common/fb_mmc.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/common/fb_mmc.c b/common/fb_mmc.c > index 3911989..73055cc 100644 > --- a/common/fb_mmc.c > +++ b/common/fb_mmc.c > @@ -23,13 +23,13 @@ static char *response_str; > > void fastboot_fail(const char *s) > { > - strncpy(response_str, "FAIL", 4); > + strncpy(response_str, "FAIL\0", 5); > strncat(response_str, s, RESPONSE_LEN - 4 - 1); > } > > void fastboot_okay(const char *s) > { > - strncpy(response_str, "OKAY", 4); > + strncpy(response_str, "OKAY\0", 5); > strncat(response_str, s, RESPONSE_LEN - 4 - 1); > } > Applied to u-boot-dfu branch. Thanks for the patch!
diff --git a/common/fb_mmc.c b/common/fb_mmc.c index 3911989..73055cc 100644 --- a/common/fb_mmc.c +++ b/common/fb_mmc.c @@ -23,13 +23,13 @@ static char *response_str; void fastboot_fail(const char *s) { - strncpy(response_str, "FAIL", 4); + strncpy(response_str, "FAIL\0", 5); strncat(response_str, s, RESPONSE_LEN - 4 - 1); } void fastboot_okay(const char *s) { - strncpy(response_str, "OKAY", 4); + strncpy(response_str, "OKAY\0", 5); strncat(response_str, s, RESPONSE_LEN - 4 - 1); }
If the string is copied without NULL termination using strncpy(), then strncat() on the next line, may concatenate the string after some stale (or random) data, if the response string was not zero-initialized. Signed-off-by: Dileep Katta <dileep.katta@linaro.org> --- common/fb_mmc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)