[PATCH 01/15] hash: Ensure verification hex pairs are terminated
Simon Glass
sjg at chromium.org
Tue Jul 20 15:29:25 CEST 2021
This function seems to assume that the chr[] variable contains zeros at
the start, which is not always true. Use strlcpy() to be safe.
Signed-off-by: Simon Glass <sjg at chromium.org>
---
common/hash.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/hash.c b/common/hash.c
index 90cf46bcba5..059d381e231 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -396,7 +396,7 @@ int hash_parse_string(const char *algo_name, const char *str, uint8_t *result)
for (i = 0; i < algo->digest_size; i++) {
char chr[3];
- strncpy(chr, &str[i * 2], 2);
+ strlcpy(chr, &str[i * 2], 3);
result[i] = simple_strtoul(chr, NULL, 16);
}
--
2.32.0.402.g57bb445576-goog
More information about the U-Boot
mailing list