From cdc156ebd17655646eb178784e96036f58ac7859 Mon Sep 17 00:00:00 2001
From: Angel Pons <th3fanbus@gmail.com>
Date: Tue, 11 Oct 2022 21:08:08 +0200
Subject: [PATCH] mb/prodrive/hermes: Harden `eeprom_read_serial()`

The `eeprom_read_serial()` function could return a non-NULL terminated
string if the serial in EEPROM has `HERMES_SN_PN_LENGTH` (32) non-NULL
characters. Make this impossible by adding an additional character for
a NULL byte in the static buffer, which always gets set to 0 (NULL).

Change-Id: I306fe1b6dd3836156afca786e352d2a7dca0d77c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68322
Reviewed-by: Patrick Georgi <patrick@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
---
 src/mainboard/prodrive/hermes/eeprom.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/mainboard/prodrive/hermes/eeprom.c b/src/mainboard/prodrive/hermes/eeprom.c
index 4daef43b1d..70a163f882 100644
--- a/src/mainboard/prodrive/hermes/eeprom.c
+++ b/src/mainboard/prodrive/hermes/eeprom.c
@@ -127,10 +127,10 @@ struct eeprom_bmc_settings *get_bmc_settings(void)
 
 const char *eeprom_read_serial(const size_t offset, const char *const fallback)
 {
-	static char serial_no[HERMES_SN_PN_LENGTH] = { 0 };
+	static char serial_no[HERMES_SN_PN_LENGTH + 1] = { 0 };
 	memset(serial_no, 0, sizeof(serial_no));
 
-	if (eeprom_read_buffer(serial_no, offset, sizeof(serial_no)) == 0)
+	if (eeprom_read_buffer(serial_no, offset, HERMES_SN_PN_LENGTH) == 0)
 		return serial_no;
 	else
 		return fallback;