IOMUX: Fix buffer overflow in iomux_replace_device()

Use of strcat() against an uninitialized buffer would lead
to buffer overflow. This patch fixes it.

Fixes: 694cd5618c ("IOMUX: Introduce iomux_replace_device()")
Signed-off-by: Yuichiro Goto <goto@k-tech.co.jp>
Cc: Peter Robinson <pbrobinson@gmail.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>

diff --git a/common/iomux.c b/common/iomux.c
index b9088aa..c428f71 100644 (file)
--- a/common/iomux.c
+++ b/common/iomux.c
@@ -158,8 +158,12 @@ int iomux_replace_device(const int console, const char *old, const char *new)
                        return -ENOMEM;
                }
 
-               strcat(tmp, ",");
-               strcat(tmp, name);
+               if (arg) {
+                       strcat(tmp, ",");
+                       strcat(tmp, name);
+               }
+               else
+                       strcpy(tmp, name);
 
                arg = tmp;
                size = strlen(tmp) + 1;