libpayload: avoid memory overflows
With commands typically shorter than the buffer they're copied to, copy cmdlen bytes, cut off by the buffer limit. Change-Id: Ia9d2663bd145eff4538084ac1ef8850cfbcea924 Signed-off-by: Patrick Georgi <patrick@georgi-clan.de> Found-by: Coverity Scan Reviewed-on: http://review.coreboot.org/7977 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Edward O'Callaghan <eocallaghan@alterapraxis.com>
This commit is contained in:
parent
8180d1a22f
commit
3cb56e934f
|
@ -200,6 +200,11 @@ wrap_cbw (cbw_t *cbw, int datalen, cbw_direction dir, const u8 *cmd,
|
||||||
{
|
{
|
||||||
memset (cbw, 0, sizeof (cbw_t));
|
memset (cbw, 0, sizeof (cbw_t));
|
||||||
|
|
||||||
|
/* commands are typically shorter, but we don't want overflows */
|
||||||
|
if (cmdlen > sizeof(cbw->CBWCB)) {
|
||||||
|
cmdlen = sizeof(cbw->CBWCB);
|
||||||
|
}
|
||||||
|
|
||||||
cbw->dCBWSignature = cbw_signature;
|
cbw->dCBWSignature = cbw_signature;
|
||||||
cbw->dCBWTag = ++tag;
|
cbw->dCBWTag = ++tag;
|
||||||
cbw->bCBWLUN = lun;
|
cbw->bCBWLUN = lun;
|
||||||
|
|
Loading…
Reference in New Issue