[PATCH v2 01/14] hash: Ensure verification hex pairs are terminated

Simon Glass sjg at chromium.org
Sat Jul 24 17:03:28 CEST 2021


This function seems to assume that the chr[] variable contains zeros at
the start, which is not always true. Use strlcpy() to be safe.

Signed-off-by: Simon Glass <sjg at chromium.org>
---

(no changes since v1)

 common/hash.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/hash.c b/common/hash.c
index 90cf46bcba5..059d381e231 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -396,7 +396,7 @@ int hash_parse_string(const char *algo_name, const char *str, uint8_t *result)
 	for (i = 0; i < algo->digest_size; i++) {
 		char chr[3];
 
-		strncpy(chr, &str[i * 2], 2);
+		strlcpy(chr, &str[i * 2], 3);
 		result[i] = simple_strtoul(chr, NULL, 16);
 	}
 
-- 
2.32.0.432.gabb21c7263-goog



More information about the U-Boot mailing list