From cdc156ebd17655646eb178784e96036f58ac7859 Mon Sep 17 00:00:00 2001 From: Angel Pons Date: Tue, 11 Oct 2022 21:08:08 +0200 Subject: [PATCH] mb/prodrive/hermes: Harden `eeprom_read_serial()` The `eeprom_read_serial()` function could return a non-NULL terminated string if the serial in EEPROM has `HERMES_SN_PN_LENGTH` (32) non-NULL characters. Make this impossible by adding an additional character for a NULL byte in the static buffer, which always gets set to 0 (NULL). Change-Id: I306fe1b6dd3836156afca786e352d2a7dca0d77c Signed-off-by: Angel Pons Reviewed-on: https://review.coreboot.org/c/coreboot/+/68322 Reviewed-by: Patrick Georgi Tested-by: build bot (Jenkins) Reviewed-by: Felix Singer --- src/mainboard/prodrive/hermes/eeprom.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/mainboard/prodrive/hermes/eeprom.c b/src/mainboard/prodrive/hermes/eeprom.c index 4daef43b1d..70a163f882 100644 --- a/src/mainboard/prodrive/hermes/eeprom.c +++ b/src/mainboard/prodrive/hermes/eeprom.c @@ -127,10 +127,10 @@ struct eeprom_bmc_settings *get_bmc_settings(void) const char *eeprom_read_serial(const size_t offset, const char *const fallback) { - static char serial_no[HERMES_SN_PN_LENGTH] = { 0 }; + static char serial_no[HERMES_SN_PN_LENGTH + 1] = { 0 }; memset(serial_no, 0, sizeof(serial_no)); - if (eeprom_read_buffer(serial_no, offset, sizeof(serial_no)) == 0) + if (eeprom_read_buffer(serial_no, offset, HERMES_SN_PN_LENGTH) == 0) return serial_no; else return fallback;