GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ifdtool: Avoid potential buffer overflow 

Filenames of 4091 bytes or more lead to a buffer overflow.

Change-Id: I1b4b3932af096f0fcbfb783ab708ed273d3a844e
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-on: http://review.coreboot.org/6476
Tested-by: build bot (Jenkins)
Reviewed-by: Edward O'Callaghan <eocallaghan@alterapraxis.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
This commit is contained in:
Patrick Georgi 2014-08-03 12:14:25 +02:00
parent edb0a61be4
commit 440daf786a
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
util/ifdtool/ifdtool.c
View File

@ -552,7 +552,8 @@ static void write_image(char *filename, char *image, int size)
char new_filename[FILENAME_MAX]; // allow long file names
int new_fd;
strncpy(new_filename, filename, FILENAME_MAX);
// - 5: leave room for ".new\0"
strncpy(new_filename, filename, FILENAME_MAX - 5);
strncat(new_filename, ".new", FILENAME_MAX - strlen(filename));
printf("Writing new image to %s\n", new_filename);