[U-Boot] [PATCH] net: Fix buffer overrun error in netconsole
Joe Hershberger
joe.hershberger at ni.com
Wed Aug 30 22:32:31 UTC 2017
Need to not access the byte after the input_buffer.
Reported-by: Coverity (CID: 144423)
Signed-off-by: Joe Hershberger <joe.hershberger at ni.com>
---
drivers/net/netconsole.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/netconsole.c b/drivers/net/netconsole.c
index e9dbedf..028fca9 100644
--- a/drivers/net/netconsole.c
+++ b/drivers/net/netconsole.c
@@ -153,14 +153,17 @@ int nc_input_packet(uchar *pkt, struct in_addr src_ip, unsigned dest_port,
len = sizeof(input_buffer) - input_size;
end = input_offset + input_size;
- if (end > sizeof(input_buffer))
+ if (end >= sizeof(input_buffer))
end -= sizeof(input_buffer);
chunk = len;
- if (end + len > sizeof(input_buffer)) {
+ /* Check if packet will wrap in input_buffer */
+ if (end + len >= sizeof(input_buffer)) {
chunk = sizeof(input_buffer) - end;
+ /* Copy the second part of the pkt to start of input_buffer */
memcpy(input_buffer, pkt + chunk, len - chunk);
}
+ /* Copy first (or only) part of pkt after end of current valid input*/
memcpy(input_buffer + end, pkt, chunk);
input_size += len;
--
1.7.11.5
More information about the U-Boot
mailing list