[U-Boot] [PATCH] hush shell: Avoid string write overflow when entering max cmd length
Kristian Otnes
kotnes at cisco.com
Fri Apr 25 15:35:43 CEST 2014
console_buffer array is defined to be CONFIG_SYS_CBSIZE + 1 long,
whereas the_command array only CONFIG_SYS_CBSIZE long. Subsequent
use of strcpy(the_command, console_buffer) will write final \0
terminating byte outside the_command array when entering a command
of max length.
Signed-off-by: Kristian Otnes <kotnes <at> cisco <dot> com>
---
common/hush.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/hush.c b/common/hush.c
index df10267..5b43224 100644
--- a/common/hush.c
+++ b/common/hush.c
@@ -996,7 +996,7 @@ static void get_user_input(struct in_str *i)
i->p = the_command;
#else
int n;
- static char the_command[CONFIG_SYS_CBSIZE];
+ static char the_command[CONFIG_SYS_CBSIZE + 1];
#ifdef CONFIG_BOOT_RETRY_TIME
# ifndef CONFIG_RESET_TO_RETRY
--
1.7.10.1
More information about the U-Boot
mailing list