libpayload: avoid memory overflows

With commands typically shorter than the buffer they're
copied to, copy cmdlen bytes, cut off by the buffer limit.

Change-Id: Ia9d2663bd145eff4538084ac1ef8850cfbcea924
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Found-by: Coverity Scan
Reviewed-on: http://review.coreboot.org/7977
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Edward O'Callaghan <eocallaghan@alterapraxis.com>
This commit is contained in:
Patrick Georgi 2014-12-29 20:37:45 +01:00 committed by Patrick Georgi
parent 8180d1a22f
commit 3cb56e934f
1 changed files with 5 additions and 0 deletions

View File

@ -200,6 +200,11 @@ wrap_cbw (cbw_t *cbw, int datalen, cbw_direction dir, const u8 *cmd,
{ {
memset (cbw, 0, sizeof (cbw_t)); memset (cbw, 0, sizeof (cbw_t));
/* commands are typically shorter, but we don't want overflows */
if (cmdlen > sizeof(cbw->CBWCB)) {
cmdlen = sizeof(cbw->CBWCB);
}
cbw->dCBWSignature = cbw_signature; cbw->dCBWSignature = cbw_signature;
cbw->dCBWTag = ++tag; cbw->dCBWTag = ++tag;
cbw->bCBWLUN = lun; cbw->bCBWLUN = lun;