[U-Boot] [PATCH] Prevent a stack overflow in fit_check_sign
It is trivial to crash fit_check_sign by invoking with an absolute path in a deeply nested directory. This is exposed by vboot_test.sh.
Signed-off-by: Michael van der Westhuizen michael@smart-africa.com --- tools/fit_check_sign.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c index d6d9340..817773d 100644 --- a/tools/fit_check_sign.c +++ b/tools/fit_check_sign.c @@ -42,12 +42,13 @@ int main(int argc, char **argv) void *fit_blob; char *fdtfile = NULL; char *keyfile = NULL; - char cmdname[50]; + char cmdname[256]; int ret; void *key_blob; int c;
- strcpy(cmdname, *argv); + strncpy(cmdname, *argv, sizeof(cmdname) - 1); + cmdname[sizeof(cmdname) - 1] = '\0'; while ((c = getopt(argc, argv, "f:k:")) != -1) switch (c) { case 'f':
On 20 May 2014 03:58, Michael van der Westhuizen michael@smart-africa.com wrote:
It is trivial to crash fit_check_sign by invoking with an absolute path in a deeply nested directory. This is exposed by vboot_test.sh.
Signed-off-by: Michael van der Westhuizen michael@smart-africa.com
Acked-by: Simon Glass sjg@chromium.org
tools/fit_check_sign.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c index d6d9340..817773d 100644 --- a/tools/fit_check_sign.c +++ b/tools/fit_check_sign.c @@ -42,12 +42,13 @@ int main(int argc, char **argv) void *fit_blob; char *fdtfile = NULL; char *keyfile = NULL;
- char cmdname[50];
- char cmdname[256]; int ret; void *key_blob; int c;
- strcpy(cmdname, *argv);
- strncpy(cmdname, *argv, sizeof(cmdname) - 1);
- cmdname[sizeof(cmdname) - 1] = '\0'; while ((c = getopt(argc, argv, "f:k:")) != -1) switch (c) { case 'f':
-- 2.0.0.rc0
On Tue, May 20, 2014 at 03:58:58PM +0200, Michael van der Westhuizen wrote:
It is trivial to crash fit_check_sign by invoking with an absolute path in a deeply nested directory. This is exposed by vboot_test.sh.
Signed-off-by: Michael van der Westhuizen michael@smart-africa.com Acked-by: Simon Glass sjg@chromium.org
Applied to u-boot/master, thanks!
participants (3)
-
Michael van der Westhuizen -
Simon Glass -
Tom Rini