hush shell: Avoid string write overflow when entering max cmd length

console_buffer array is defined to be CONFIG_SYS_CBSIZE + 1 long, whereas the_command array only CONFIG_SYS_CBSIZE long. Subsequent use of strcpy(the_command, console_buffer) will write final \0 terminating byte outside the_command array when entering a command of max length. Signed-off-by: Kristian Otnes <kotnes <at> cisco <dot> com>
author: Kristian Otnes <kotnes@cisco.com> 2014-04-25 15:35:43 +0200
committer: Tom Rini <trini@ti.com> 2014-05-12 15:20:05 -0400
commit: 5c50a92bbea7e118ea4e4fb0945bf6707b010a80 (patch)
tree: 034a76d7fe3a7e183aba9ba9fd3c518e9fa21fef /common/hush.c
parent: bf69d6642326cfecef440bb245946903454ff30e (diff)
download: u-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.zip
u-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.tar.gz
u-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/common/hush.c b/common/hush.c
index df10267..5b43224 100644
--- a/common/hush.c
+++ b/common/hush.c
@@ -996,7 +996,7 @@ static void get_user_input(struct in_str *i)
 	i->p = the_command;
 #else
 	int n;
-	static char the_command[CONFIG_SYS_CBSIZE];
+	static char the_command[CONFIG_SYS_CBSIZE + 1];
 
 #ifdef CONFIG_BOOT_RETRY_TIME
 #  ifndef CONFIG_RESET_TO_RETRY
author	Kristian Otnes <kotnes@cisco.com>	2014-04-25 15:35:43 +0200
committer	Tom Rini <trini@ti.com>	2014-05-12 15:20:05 -0400
commit	5c50a92bbea7e118ea4e4fb0945bf6707b010a80 (patch)
tree	034a76d7fe3a7e183aba9ba9fd3c518e9fa21fef /common/hush.c
parent	bf69d6642326cfecef440bb245946903454ff30e (diff)
download	u-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.zip u-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.tar.gz u-boot-imx-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.tar.bz2