projects / platform / kernel / u-boot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e61a9e7)
cmd: usbdown: remove overflow possiblity on fill_entity_usbdown() 72/140872/1
authorSeung-Woo Kim <sw0312.kim@samsung.com>
Thu, 27 Jul 2017 03:13:22 +0000 (12:13 +0900)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Thu, 27 Jul 2017 03:15:36 +0000 (12:15 +0900)
The file name parsed from dfu_alo_info can be longer than NAME_SIZE,
so strcpy function has possiblity of overflow.
Remove the possible overflow using strncpy with less length than
NAME_SIZE.

Change-Id: Ib70f539a810e553136421c7faa576144811c3112
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
cmd/usbdown.c patch | blob | history

diff --git a/cmd/usbdown.c b/cmd/usbdown.c
index 23654281fbf8846df444ffef1fae1cfc62c431f9..0ee61e57d610210073fd0f6858d6aeca6fd374eb 100644 (file)
--- a/cmd/usbdown.c
+++ b/cmd/usbdown.c
@@ -257,7 +257,7 @@ static void fill_entity_usbdown(char *interface, char *devstr)
                /* Parsing file name */
                s = strsep(&setting, ";");
                st = strsep(&s, " ");
-               strcpy(usbdown[i].name, st);
+               strncpy(usbdown[i].name, st, NAME_SIZE - 1);
 
                ret = usb_fill_entity(&usbdown[i], s, alt_num_count,
                                interface, devstr);
Domain: System / Kernel;