From: Tom Rini <trini@konsulko.com>
Date: Wed, 27 Sep 2017 00:44:32 +0000 (-0400)
Subject: cmd/pxe.c: Rework initrd and bootargs handling slightly
X-Git-Tag: v2017.11-rc2~98
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=48ee0a87bc46a6f863ffd9e0396b7a068dd68c50;p=u-boot

cmd/pxe.c: Rework initrd and bootargs handling slightly

For the initrd portion of handling our bootm arguments we do not have a
sufficiently long enough buffer for some improbable 64bit cases.  Expand
this buffer to allow for a 64bit address and almost 256MB initrd to be
used.  Make use of strncpy/strncat when constructing the values here
since we know what the worst case valid values are, length wise.

Similarly for bootargs themselves, we need to make use of strlen/sizeof
and strncpy/strncat to ensure that we don't overflow bootargs itself.

Cc: Simon Glass <sjg@chromium.org>
Cc: Alexander Graf <agraf@suse.de>
Reported-by: Coverity (CID: 131256)
Signed-off-by: Tom Rini <trini@konsulko.com>
---

diff --git a/cmd/pxe.c b/cmd/pxe.c
index c5a770a269..a62cbe192a 100644
--- a/cmd/pxe.c
+++ b/cmd/pxe.c
@@ -616,7 +616,7 @@ static int label_localboot(struct pxe_label *label)
 static int label_boot(cmd_tbl_t *cmdtp, struct pxe_label *label)
 {
 	char *bootm_argv[] = { "bootm", NULL, NULL, NULL, NULL };
-	char initrd_str[22];
+	char initrd_str[28];
 	char mac_str[29] = "";
 	char ip_str[68] = "";
 	int bootm_argc = 2;
@@ -648,9 +648,9 @@ static int label_boot(cmd_tbl_t *cmdtp, struct pxe_label *label)
 		}
 
 		bootm_argv[2] = initrd_str;
-		strcpy(bootm_argv[2], env_get("ramdisk_addr_r"));
+		strncpy(bootm_argv[2], env_get("ramdisk_addr_r"), 18);
 		strcat(bootm_argv[2], ":");
-		strcat(bootm_argv[2], env_get("filesize"));
+		strncat(bootm_argv[2], env_get("filesize"), 9);
 	}
 
 	if (get_relfile_envaddr(cmdtp, label->kernel, "kernel_addr_r") < 0) {
@@ -689,9 +689,9 @@ static int label_boot(cmd_tbl_t *cmdtp, struct pxe_label *label)
 		}
 
 		if (label->append)
-			strcpy(bootargs, label->append);
-		strcat(bootargs, ip_str);
-		strcat(bootargs, mac_str);
+			strncpy(bootargs, label->append, sizeof(bootargs));
+		strncat(bootargs, ip_str, sizeof(bootargs) - strlen(bootargs));
+		strncat(bootargs, mac_str, sizeof(bootargs) - strlen(bootargs));
 
 		cli_simple_process_macros(bootargs, finalbootargs);
 		env_set("bootargs", finalbootargs);