[PATCH] fastboot: mmc: Fix dest size in strlcat()
Ariel D'Alessandro
ariel.dalessandro at collabora.com
Thu Sep 30 15:47:40 CEST 2021
strlcat() is truncating the destination string to the size of the source
string. Fix size argument in strlcat() to match the size of destination
buffer.
Bug was introduced in the following commit:
commit 69a752983171c2983fc1f29c7cfa1844f41e5d8b
Author: Sean Anderson <seanga2 at gmail.com>
fastboot: Fix possible buffer overrun
Signed-off-by: Ariel D'Alessandro <ariel.dalessandro at collabora.com>
---
drivers/fastboot/fb_mmc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/fastboot/fb_mmc.c b/drivers/fastboot/fb_mmc.c
index cbb3f7b1dea..4c54f0c3893 100644
--- a/drivers/fastboot/fb_mmc.c
+++ b/drivers/fastboot/fb_mmc.c
@@ -40,7 +40,7 @@ static int raw_part_get_info_by_name(struct blk_desc *dev_desc,
/* check for raw partition descriptor */
strcpy(env_desc_name, "fastboot_raw_partition_");
- strlcat(env_desc_name, name, PART_NAME_LEN);
+ strlcat(env_desc_name, name, ARRAY_SIZE(env_desc_name));
raw_part_desc = strdup(env_get(env_desc_name));
if (raw_part_desc == NULL)
return -ENODEV;
@@ -114,7 +114,7 @@ static int part_get_info_by_name_or_alias(struct blk_desc **dev_desc,
/* check for alias */
strcpy(env_alias_name, "fastboot_partition_alias_");
- strlcat(env_alias_name, name, PART_NAME_LEN);
+ strlcat(env_alias_name, name, ARRAY_SIZE(env_alias_name));
aliased_part_name = env_get(env_alias_name);
if (aliased_part_name != NULL)
ret = do_get_part_info(dev_desc, aliased_part_name,
--
2.30.2
More information about the U-Boot
mailing list