24 Feb
2015
24 Feb
'15
11:28 a.m.
Hi Dileep,
If the string is copied without NULL termination using strncpy(), then strncat() on the next line, may concatenate the string after some stale (or random) data, if the response string was not zero-initialized.
Signed-off-by: Dileep Katta dileep.katta@linaro.org
common/fb_mmc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/fb_mmc.c b/common/fb_mmc.c index 3911989..73055cc 100644 --- a/common/fb_mmc.c +++ b/common/fb_mmc.c @@ -23,13 +23,13 @@ static char *response_str;
void fastboot_fail(const char *s) {
- strncpy(response_str, "FAIL", 4);
- strncpy(response_str, "FAIL\0", 5); strncat(response_str, s, RESPONSE_LEN - 4 - 1);
}
void fastboot_okay(const char *s) {
- strncpy(response_str, "OKAY", 4);
- strncpy(response_str, "OKAY\0", 5); strncat(response_str, s, RESPONSE_LEN - 4 - 1);
}
Applied to u-boot-dfu branch.
Thanks for the patch!
--
Best regards,
Lukasz Majewski
Samsung R&D Institute Poland (SRPOL) | Linux Platform Group