summaryrefslogtreecommitdiff
path: root/common
diff options
context:
space:
mode:
authorwdenk <wdenk>2004-03-17 01:13:07 +0000
committerwdenk <wdenk>2004-03-17 01:13:07 +0000
commit7d7ce4125f769a21a321c3df972272c5854d54f7 (patch)
treeca95548f218169750a0b3d3ddf72e3464d9f8d0d /common
parentd9df1f4e662441c487f96a4e1f91caa9297afdd9 (diff)
downloadu-boot-imx-7d7ce4125f769a21a321c3df972272c5854d54f7.zip
u-boot-imx-7d7ce4125f769a21a321c3df972272c5854d54f7.tar.gz
u-boot-imx-7d7ce4125f769a21a321c3df972272c5854d54f7.tar.bz2
Patch by Pierre Aubert, 15 Mar 2004:
Fix buffer overflow in IDE identification
Diffstat (limited to 'common')
-rw-r--r--common/cmd_ide.c42
1 files changed, 23 insertions, 19 deletions
diff --git a/common/cmd_ide.c b/common/cmd_ide.c
index 2b8b2bc..8644d98 100644
--- a/common/cmd_ide.c
+++ b/common/cmd_ide.c
@@ -1410,27 +1410,31 @@ WR_OUT:
/*
* copy src to dest, skipping leading and trailing blanks and null
* terminate the string
+ * "len" is the size of available memory including the terminating '\0'
*/
-static void ident_cpy (unsigned char *dest, unsigned char *src, unsigned int len)
+static void ident_cpy (unsigned char *dst, unsigned char *src, unsigned int len)
{
- int start,end;
-
- start=0;
- while (start<len) {
- if (src[start]!=' ')
- break;
- start++;
- }
- end=len-1;
- while (end>start) {
- if (src[end]!=' ')
- break;
- end--;
- }
- for ( ; start<=end; start++) {
- *dest++=src[start];
- }
- *dest='\0';
+ unsigned char *end, *last;
+
+ last = dst;
+ end = src + len;
+
+ /* reserve space for '\0' */
+ if (len < 2)
+ goto OUT;
+
+ /* skip leading white space */
+ while ((*src) && (src<end) && (*src==' '))
+ ++src;
+
+ /* copy string, omitting trailing white space */
+ while ((*src) && (src<end)) {
+ *dst++ = *src;
+ if (*src++ != ' ')
+ last = dst;
+ }
+OUT:
+ *last = '\0';
}
/* ------------------------------------------------------------------------- */