diff options
author | Kristian Otnes <kotnes@cisco.com> | 2014-04-25 15:35:43 +0200 |
---|---|---|
committer | Tom Rini <trini@ti.com> | 2014-05-12 15:20:05 -0400 |
commit | 5c50a92bbea7e118ea4e4fb0945bf6707b010a80 (patch) | |
tree | 034a76d7fe3a7e183aba9ba9fd3c518e9fa21fef | |
parent | bf69d6642326cfecef440bb245946903454ff30e (diff) | |
download | u-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.zip u-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.tar.gz u-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.tar.bz2 |
hush shell: Avoid string write overflow when entering max cmd length
console_buffer array is defined to be CONFIG_SYS_CBSIZE + 1 long,
whereas the_command array only CONFIG_SYS_CBSIZE long. Subsequent
use of strcpy(the_command, console_buffer) will write final \0
terminating byte outside the_command array when entering a command
of max length.
Signed-off-by: Kristian Otnes <kotnes <at> cisco <dot> com>
-rw-r--r-- | common/hush.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/common/hush.c b/common/hush.c index df10267..5b43224 100644 --- a/common/hush.c +++ b/common/hush.c @@ -996,7 +996,7 @@ static void get_user_input(struct in_str *i) i->p = the_command; #else int n; - static char the_command[CONFIG_SYS_CBSIZE]; + static char the_command[CONFIG_SYS_CBSIZE + 1]; #ifdef CONFIG_BOOT_RETRY_TIME # ifndef CONFIG_RESET_TO_RETRY |