Commit 64375014c499528d9df5ee37f78844823a9d21f2

Authored by Michael van der Westhuizen
Committed by Tom Rini
1 parent 25308f45e1

Prevent a stack overflow in fit_check_sign

It is trivial to crash fit_check_sign by invoking with an
absolute path in a deeply nested directory.  This is exposed
by vboot_test.sh.

Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Acked-by: Simon Glass <sjg@chromium.org>

Showing 1 changed file with 3 additions and 2 deletions

tools/fit_check_sign.c
... ... @@ -42,12 +42,13 @@
42 42 void *fit_blob;
43 43 char *fdtfile = NULL;
44 44 char *keyfile = NULL;
45   - char cmdname[50];
  45 + char cmdname[256];
46 46 int ret;
47 47 void *key_blob;
48 48 int c;
49 49  
50   - strcpy(cmdname, *argv);
  50 + strncpy(cmdname, *argv, sizeof(cmdname) - 1);
  51 + cmdname[sizeof(cmdname) - 1] = '\0';
51 52 while ((c = getopt(argc, argv, "f:k:")) != -1)
52 53 switch (c) {
53 54 case 'f':
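
Review bot: the bounded copy at new lines 50-51 stops the overflow but silently truncates any argv[0] longer than 255 bytes, and the 256 in `char cmdname[256];` is an unexplained magic number. The commit message's own trigger, an absolute path in a deeply nested directory, can exceed that length, so cmdname may end up holding a cut-off path with no indication that it was shortened. Consider dropping the copy altogether and keeping a pointer, for example `const char *cmdname = *argv;`, which removes the fixed-size stack buffer and the length question with it. If a private copy is really needed, `snprintf(cmdname, sizeof(cmdname), "%s", *argv);` terminates in one call and its return value shows whether truncation happened, which the strncpy plus manual `'\0'` pair does not. A short comment stating why the buffer size was chosen would also help the next reader.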