mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-24 21:54:01 +00:00
pxe: simplify label_boot()
Coverity CID 131256 indicates a possible buffer overflow in label_boot(). This would only occur if the size of the downloaded file would exceed 4 GiB. But anyway we can simplify the code by using snprintf() and checking the return value. Addresses-Coverity-ID: 131256 ("Security best practices violations (STRING_OVERFLOW)") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Artem Lapkin <email2tema@gmail.com>
This commit is contained in:
parent
26f6f7fb5c
commit
085cbdafca
1 changed files with 4 additions and 5 deletions
|
@ -532,11 +532,10 @@ static int label_boot(struct pxe_context *ctx, struct pxe_label *label)
|
||||||
}
|
}
|
||||||
|
|
||||||
initrd_addr_str = env_get("ramdisk_addr_r");
|
initrd_addr_str = env_get("ramdisk_addr_r");
|
||||||
strcpy(initrd_filesize, simple_xtoa(size));
|
size = snprintf(initrd_str, sizeof(initrd_str), "%s:%lx",
|
||||||
|
initrd_addr_str, size);
|
||||||
strncpy(initrd_str, initrd_addr_str, 18);
|
if (size >= sizeof(initrd_str))
|
||||||
strcat(initrd_str, ":");
|
return 1;
|
||||||
strncat(initrd_str, initrd_filesize, 9);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (get_relfile_envaddr(ctx, label->kernel, "kernel_addr_r",
|
if (get_relfile_envaddr(ctx, label->kernel, "kernel_addr_r",
|
||||||
|
|
Loading…
Reference in a new issue