[PATCH 2/3] fru: ops: Do not let parser to write data to not allocated space

[Michal Simek]

If customs fields in board area are used it will likely go over allocated
space in struct fru_board_data. That's why calculate limit of this
structure to make sure that different data is not rewritten by accident.
When limit is reached stop to record fields.

Signed-off-by: Michal Simek <michal.simek at xilinx.com>
---

 board/xilinx/common/fru_ops.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/board/xilinx/common/fru_ops.c b/board/xilinx/common/fru_ops.c
index affcb121aa9c..b4cd3d499885 100644
--- a/board/xilinx/common/fru_ops.c
+++ b/board/xilinx/common/fru_ops.c
@@ -163,12 +163,15 @@ static int fru_parse_board(unsigned long addr)
 {
 	u8 i, type;
 	int len;
-	u8 *data, *term;
+	u8 *data, *term, *limit;
 
 	memcpy(&fru_data.brd.ver, (void *)addr, 6);
 	addr += 6;
 	data = (u8 *)&fru_data.brd.manufacturer_type_len;
 
+	/* Record max structure limit not to write data over allocated space */
+	limit = data + sizeof(struct fru_board_data);
+
 	for (i = 0; ; i++, data += FRU_BOARD_MAX_LEN) {
 		len = fru_check_type_len(*(u8 *)addr, fru_data.brd.lang_code,
 					 &type);
@@ -178,6 +181,9 @@ static int fru_parse_board(unsigned long addr)
 		if (len == -EINVAL)
 			break;
 
+		/* Stop when amount of chars is more then fields to record */
+		if (data + len > limit)
+			break;
 		/* This record type/len field */
 		*data++ = *(u8 *)addr;
 
-- 
2.29.2