projects / u-boot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4fd9870)
LF-1850 fastboot: Fix buffer not null terminated
authorJi Luo <ji.luo@nxp.com>
Mon, 3 Aug 2020 10:31:36 +0000 (18:31 +0800)
committerJi Luo <ji.luo@nxp.com>
Wed, 19 May 2021 12:00:33 +0000 (20:00 +0800)
Fix Coverity Issue 3351934. Calling strncpy() with the size shorter
than the source string and would cause null-terminate dest buffer.

Signed-off-by: Ji Luo <ji.luo@nxp.com>
Change-Id: I1e71fb584eb8f10a90ec87564cc49b7f9388c3de
(cherry picked from commit 0c408158af2592f34ed4ecc7c6a30db5c8676ffe)

drivers/fastboot/fb_fsl/fastboot_lock_unlock.c patch | blob | history

diff --git a/drivers/fastboot/fb_fsl/fastboot_lock_unlock.c b/drivers/fastboot/fb_fsl/fastboot_lock_unlock.c
index 496d4c0..afe9302 100644 (file)
--- a/drivers/fastboot/fb_fsl/fastboot_lock_unlock.c
+++ b/drivers/fastboot/fb_fsl/fastboot_lock_unlock.c
@@ -122,9 +122,9 @@ static FbLockState decrypt_lock_store(unsigned char* bdata) {
 }
 static inline int encrypt_lock_store(FbLockState lock, unsigned char* bdata) {
        if (FASTBOOT_LOCK == lock)
-               strncpy((char *)bdata, "locked", strlen("locked"));
+               strncpy((char *)bdata, "locked", strlen("locked") + 1);
        else if (FASTBOOT_UNLOCK == lock)
-               strncpy((char *)bdata, "unlocked", strlen("unlocked"));
+               strncpy((char *)bdata, "unlocked", strlen("unlocked") + 1);
        else
                return -1;
        return 0;