authorDoug Anderson <dianders@chromium.org>2012-01-17 09:37:41 +0000
committerTom Rini <trini@ti.com>2013-05-17 14:43:29 -0400
commita558ad71132fa6061ff950b9d3a12b0dad01b129 (patch)
treeba00c0c1b29245d1e3435259a839b1fbe58e1261 /common
parent8ac28563a059bea49c23bfc4ae88f749ad2b47d3 (diff)
bootm: Avoid 256-byte overflow in fixup_silent_linux()
This makes fixup_silent_linux() use malloc() to allocate its working space, meaning that our maximum kernel command line should only be limited by malloc(). Previously it was silently overflowing the stack. Note that nothing about this change increases the kernel's maximum command line length. If you have a command line that is >256 bytes it's up to you to make sure that kernel can handle it. Signed-off-by: Doug Anderson <dianders@chromium.org> Acked-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'common')
-rw-r--r--common/cmd_bootm.c41
1 files changed, 29 insertions, 12 deletions
diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c
index dd6cafa..15f4599 100644
--- a/common/cmd_bootm.c
+++ b/common/cmd_bootm.c
@@ -1423,9 +1423,14 @@ U_BOOT_CMD(
/* helper routines */
/*******************************************************************/
#if defined(CONFIG_SILENT_CONSOLE) && !defined(CONFIG_SILENT_U_BOOT_ONLY)
+
+#define CONSOLE_ARG "console="
+#define CONSOLE_ARG_LEN (sizeof(CONSOLE_ARG) - 1)
+
static void fixup_silent_linux(void)
{
- char buf[256], *start, *end;
+ char *buf;
+ const char *env_val;
char *cmdline = getenv("bootargs");
/* Only fix cmdline when requested */
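Review bot: `fixup_silent_linux()` has no comment stating its contract, and with the move to heap allocation that contract now includes a failure mode worth writing down. A short block comment above the definition would cover it, for example `/* Blank the value of the first console= argument in bootargs, or append an empty one if none is present; bootargs is left unchanged if malloc() fails. */`. It would also help to note next to `CONSOLE_ARG_LEN` that the `sizeof` trick depends on `CONSOLE_ARG` staying a string literal. The function body continues past the end of this hunk.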
@@ -1433,25 +1438,37 @@ static void fixup_silent_linux(void)
return;
debug("before silent fix-up: %s\n", cmdline);
- if (cmdline) {
- start = strstr(cmdline, "console=");
+ if (cmdline && (cmdline[0] != '\0')) {
+ char *start = strstr(cmdline, CONSOLE_ARG);
+
+ /* Allocate space for maximum possible new command line */
+ buf = malloc(strlen(cmdline) + 1 + CONSOLE_ARG_LEN + 1);
+ if (!buf) {
+ debug("%s: out of memory\n", __func__);
+ return;
+ }
+
if (start) {
- end = strchr(start, ' ');
- strncpy(buf, cmdline, (start - cmdline + 8));
+ char *end = strchr(start, ' ');
+ int num_start_bytes = start - cmdline + CONSOLE_ARG_LEN;
+
+ strncpy(buf, cmdline, num_start_bytes);
if (end)
- strcpy(buf + (start - cmdline + 8), end);
+ strcpy(buf + num_start_bytes, end);
else
- buf[start - cmdline + 8] = '\0';
+ buf[num_start_bytes] = '\0';
} else {
- strcpy(buf, cmdline);
- strcat(buf, " console=");
+ sprintf(buf, "%s %s", cmdline, CONSOLE_ARG);
}
+ env_val = buf;
} else {
- strcpy(buf, "console=");
+ buf = NULL;
+ env_val = CONSOLE_ARG;
}
- setenv("bootargs", buf);
- debug("after silent fix-up: %s\n", buf);
+ setenv("bootargs", env_val);
+ debug("after silent fix-up: %s\n", env_val);
+ free(buf);
}
#endif /* CONFIG_SILENT_CONSOLE */
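Review bot: The new `if (!buf)` branch fails open: it returns with `bootargs` untouched and reports the failure only through `debug()`, which is normally compiled out unless DEBUG is defined. A boot that asked for a silent console would then hand the kernel its original `console=` setting with no indication that the fix-up was skipped. Because the function is `void`, its caller (not visible in this hunk) cannot react; consider `static int fixup_silent_linux(void)` with `return -ENOMEM;` in this branch and `return 0;` at the end, so the boot path can decide whether to continue. Separately, `strstr(cmdline, CONSOLE_ARG)` still matches inside longer parameter names and only the first occurrence is rewritten, so a later `console=` argument would survive the fix-up. Matching on a word boundary and handling every occurrence would make the result agree with what a silent configuration expects.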