autoboot: fix illegal memory access when stop key and delay key are empty

If both stop key and delay key are empty, the length of these
keys is 0. The subtraction operation will cause the u_int type
variable to overflow, will cause illegal memory access in key
input loop.

This commit fixes this bug by using int type instead of u_init.
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This commit is contained in:
Yuezhang.Mo@sony.com 2021-01-15 03:11:49 +00:00 committed by Tom Rini
parent 1e35a4d228
commit e088f0c3d8

View file

@ -164,9 +164,9 @@ static int passwd_abort_key(uint64_t etime)
}; };
char presskey[MAX_DELAY_STOP_STR]; char presskey[MAX_DELAY_STOP_STR];
u_int presskey_len = 0; int presskey_len = 0;
u_int presskey_max = 0; int presskey_max = 0;
u_int i; int i;
# ifdef CONFIG_AUTOBOOT_DELAY_STR # ifdef CONFIG_AUTOBOOT_DELAY_STR
if (delaykey[0].str == NULL) if (delaykey[0].str == NULL)