[PATCH 2/2] stdio: fix stdio_deregister_dev()

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Fri Sep 29 02:47:17 CEST 2023 

When copying the name of a stdio device we must ensure that it is NUL
terminated before passing it to strcmp() to avoid a buffer overrun.

Truncating the name field leads to failure to deregister a stdio device.
When copying we must ensure that the name field sizes match.

Addresses-Coverity-ID: 350462 String not null terminated
Fixes: 5294e97832a6 ("stdio: extend "name" to 32 symbols")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
 common/stdio.c      | 6 +++---
 include/stdio_dev.h | 3 ++-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/common/stdio.c b/common/stdio.c
index 010bf576af..e3354f092d 100644
--- a/common/stdio.c
+++ b/common/stdio.c
@@ -259,7 +259,7 @@ int stdio_register(struct stdio_dev *dev)
 int stdio_deregister_dev(struct stdio_dev *dev, int force)
 {
 	struct list_head *pos;
-	char temp_names[3][16];
+	char temp_names[3][STDIO_NAME_LEN];
 	int i;
 
 	/* get stdio devices (ListRemoveItem changes the dev list) */
@@ -272,8 +272,8 @@ int stdio_deregister_dev(struct stdio_dev *dev, int force)
 			/* Device is assigned -> report error */
 			return -EBUSY;
 		}
-		memcpy(&temp_names[i][0], stdio_devices[i]->name,
-		       sizeof(temp_names[i]));
+		strlcpy(&temp_names[i][0], stdio_devices[i]->name,
+			sizeof(temp_names[i]));
 	}
 
 	list_del(&dev->list);
diff --git a/include/stdio_dev.h b/include/stdio_dev.h
index 7f18102052..4e3c4708f8 100644
--- a/include/stdio_dev.h
+++ b/include/stdio_dev.h
@@ -17,6 +17,7 @@
 #define DEV_FLAGS_INPUT	 0x00000001	/* Device can be used as input	console */
 #define DEV_FLAGS_OUTPUT 0x00000002	/* Device can be used as output console */
 #define DEV_FLAGS_DM     0x00000004	/* Device priv is a struct udevice * */
+#define STDIO_NAME_LEN 32
 
 int stdio_file_to_flags(const int file);
 
@@ -24,7 +25,7 @@ int stdio_file_to_flags(const int file);
 struct stdio_dev {
 	int	flags;			/* Device flags: input/output/system	*/
 	int	ext;			/* Supported extensions			*/
-	char	name[32];		/* Device name				*/
+	char	name[STDIO_NAME_LEN];	/* Device name				*/
 
 /* GENERAL functions */
 
-- 
2.40.1

More information about the U-Boot mailing list