[PATCH 3/3] common: cli_hush: fix console_buffer overflow on boot retry
Ngo Luong Thanh Tra
ngotra27101996 at gmail.com
Sat Mar 28 07:01:33 CET 2026
Replace strcpy() with strlcpy() when injecting the boot retry
command into console_buffer. Add a BUILD_BUG_ON() to catch at
compile time any configuration where CONFIG_SYS_CBSIZE is smaller
than the retry command string, and use a named constant for the
command so that the size check stays in sync if the string is
ever changed.
Fixes: 657e19f8f2dd ("cli_hush: support running bootcmd on boot retry")
Signed-off-by: Ngo Luong Thanh Tra <S4210155 at student.rmit.edu.au>
To: u-boot at lists.denx.de
---
common/cli_hush.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/common/cli_hush.c b/common/cli_hush.c
index 7bd6943d3ed..6141c2959df 100644
--- a/common/cli_hush.c
+++ b/common/cli_hush.c
@@ -84,6 +84,7 @@
#include <cli_hush.h>
#include <command.h> /* find_cmd */
#include <asm/global_data.h>
+#include <linux/build_bug.h>
#endif
#ifndef __U_BOOT__
#include <ctype.h> /* isalpha, isdigit */
@@ -1029,7 +1030,10 @@ static void get_user_input(struct in_str *i)
# ifdef CONFIG_RESET_TO_RETRY
do_reset(NULL, 0, 0, NULL);
# elif IS_ENABLED(CONFIG_RETRY_BOOTCMD)
- strcpy(console_buffer, "run bootcmd\n");
+ static const char retry_cmd[] = "run bootcmd\n";
+
+ BUILD_BUG_ON(sizeof(retry_cmd) - 1 > CONFIG_SYS_CBSIZE);
+ strlcpy(console_buffer, retry_cmd, sizeof(console_buffer));
# else
# error "This only works with CONFIG_RESET_TO_RETRY or CONFIG_BOOT_RETRY_COMMAND enabled"
# endif
--
2.53.0
base-commit: c704af3c8b0f37929bce8c2a4bba27d6e89919c7
branch: fix/sys-cbsize-overflow-series
More information about the U-Boot
mailing list