summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKristian Otnes <kotnes@cisco.com>2014-04-25 15:35:43 +0200
committerTom Rini <trini@ti.com>2014-05-12 15:20:05 -0400
commit5c50a92bbea7e118ea4e4fb0945bf6707b010a80 (patch)
tree034a76d7fe3a7e183aba9ba9fd3c518e9fa21fef
parentbf69d6642326cfecef440bb245946903454ff30e (diff)
downloadu-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.zip
u-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.tar.gz
u-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.tar.bz2
hush shell: Avoid string write overflow when entering max cmd length
console_buffer array is defined to be CONFIG_SYS_CBSIZE + 1 long, whereas the_command array only CONFIG_SYS_CBSIZE long. Subsequent use of strcpy(the_command, console_buffer) will write final \0 terminating byte outside the_command array when entering a command of max length. Signed-off-by: Kristian Otnes <kotnes <at> cisco <dot> com>
-rw-r--r--common/hush.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/common/hush.c b/common/hush.c
index df10267..5b43224 100644
--- a/common/hush.c
+++ b/common/hush.c
@@ -996,7 +996,7 @@ static void get_user_input(struct in_str *i)
i->p = the_command;
#else
int n;
- static char the_command[CONFIG_SYS_CBSIZE];
+ static char the_command[CONFIG_SYS_CBSIZE + 1];
#ifdef CONFIG_BOOT_RETRY_TIME
# ifndef CONFIG_RESET_TO_RETRY