1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
From 80aaaa8b93d860f828e2cf883f307894640765f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
Date: Wed, 10 Dec 2014 11:49:54 +0100
Subject: [PATCH] MIPS: BCM47XX: Use strnchr to avoid reading out of the buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: Paul Walmsley <paul@pwsan.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8662/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
---
arch/mips/bcm47xx/nvram.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/mips/bcm47xx/nvram.c b/arch/mips/bcm47xx/nvram.c
index 5e4ae04..d805d8a 100644
--- a/arch/mips/bcm47xx/nvram.c
+++ b/arch/mips/bcm47xx/nvram.c
@@ -175,7 +175,7 @@ static int nvram_init(void)
int bcm47xx_nvram_getenv(const char *name, char *val, size_t val_len)
{
char *var, *value, *end, *eq;
- int err;
+ int data_left, err;
if (!name)
return -EINVAL;
@@ -191,7 +191,9 @@ int bcm47xx_nvram_getenv(const char *name, char *val, size_t val_len)
end = nvram_buf + sizeof(nvram_buf) - 2;
end[0] = end[1] = '\0';
for (; *var; var = value + strlen(value) + 1) {
- eq = strchr(var, '=');
+ data_left = end - var;
+
+ eq = strnchr(var, data_left, '=');
if (!eq)
break;
value = eq + 1;
--
1.8.4.5
|