diff options
author | wdenk <wdenk> | 2004-03-17 01:13:07 +0000 |
---|---|---|
committer | wdenk <wdenk> | 2004-03-17 01:13:07 +0000 |
commit | 7d7ce4125f769a21a321c3df972272c5854d54f7 (patch) | |
tree | ca95548f218169750a0b3d3ddf72e3464d9f8d0d /common | |
parent | d9df1f4e662441c487f96a4e1f91caa9297afdd9 (diff) | |
download | u-boot-imx-7d7ce4125f769a21a321c3df972272c5854d54f7.zip u-boot-imx-7d7ce4125f769a21a321c3df972272c5854d54f7.tar.gz u-boot-imx-7d7ce4125f769a21a321c3df972272c5854d54f7.tar.bz2 |
Patch by Pierre Aubert, 15 Mar 2004:
Fix buffer overflow in IDE identification
Diffstat (limited to 'common')
-rw-r--r-- | common/cmd_ide.c | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/common/cmd_ide.c b/common/cmd_ide.c index 2b8b2bc..8644d98 100644 --- a/common/cmd_ide.c +++ b/common/cmd_ide.c @@ -1410,27 +1410,31 @@ WR_OUT: /* * copy src to dest, skipping leading and trailing blanks and null * terminate the string + * "len" is the size of available memory including the terminating '\0' */ -static void ident_cpy (unsigned char *dest, unsigned char *src, unsigned int len) +static void ident_cpy (unsigned char *dst, unsigned char *src, unsigned int len) { - int start,end; - - start=0; - while (start<len) { - if (src[start]!=' ') - break; - start++; - } - end=len-1; - while (end>start) { - if (src[end]!=' ') - break; - end--; - } - for ( ; start<=end; start++) { - *dest++=src[start]; - } - *dest='\0'; + unsigned char *end, *last; + + last = dst; + end = src + len; + + /* reserve space for '\0' */ + if (len < 2) + goto OUT; + + /* skip leading white space */ + while ((*src) && (src<end) && (*src==' ')) + ++src; + + /* copy string, omitting trailing white space */ + while ((*src) && (src<end)) { + *dst++ = *src; + if (*src++ != ' ') + last = dst; + } +OUT: + *last = '\0'; } /* ------------------------------------------------------------------------- */ |