[PATCH 1/1] pxe: simplify label_boot()

Art Nikpal email2tema at gmail.com
Tue Nov 16 08:09:58 CET 2021


On Tue, Nov 16, 2021 at 2:26 AM Heinrich Schuchardt
<heinrich.schuchardt at canonical.com> wrote:
>
> Coverity CID 131256 indicates a possible buffer overflow in label_boot().
> This would only occur if the size of the downloaded file would exceed 4
> GiB. But anyway we can simplify the code by using snprintf() and checking
> the return value.
>
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
>  boot/pxe_utils.c | 9 ++++-----
>  1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
> index a7a84f26c1..5841561bdf 100644
> --- a/boot/pxe_utils.c
> +++ b/boot/pxe_utils.c
> @@ -465,11 +465,10 @@ static int label_boot(struct pxe_context *ctx, struct pxe_label *label)
>                 }
>
>                 initrd_addr_str = env_get("ramdisk_addr_r");
> -               strcpy(initrd_filesize, simple_xtoa(size));
> -
> -               strncpy(initrd_str, initrd_addr_str, 18);
> -               strcat(initrd_str, ":");
> -               strncat(initrd_str, initrd_filesize, 9);
> +               size = snprintf(initrd_str, sizeof(initrd_str), "%s:%lx",
> +                               initrd_addr_str, size);
> +               if (size >= sizeof(initrd_str))
> +                       return 1;
>         }
>
>         if (get_relfile_envaddr(ctx, label->kernel, "kernel_addr_r",
> --
> 2.32.0
>

Reviewed-by: Artem Lapkin <email2tema at gmail.com>


More information about the U-Boot mailing list