From: Kristian Otnes <kotnes@cisco.com>
Date: Fri, 25 Apr 2014 13:35:43 +0000 (+0200)
Subject: hush shell: Avoid string write overflow when entering max cmd length
X-Git-Tag: v2014.07-rc2~38
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=5c50a92bbea7e118ea4e4fb0945bf6707b010a80;p=u-boot

hush shell: Avoid string write overflow when entering max cmd length

console_buffer array is defined to be CONFIG_SYS_CBSIZE + 1 long,
whereas the_command array only CONFIG_SYS_CBSIZE long. Subsequent
use of strcpy(the_command, console_buffer) will write final \0
terminating byte outside the_command array when entering a command
of max length.

Signed-off-by: Kristian Otnes <kotnes <at> cisco <dot> com>
---

diff --git a/common/hush.c b/common/hush.c
index df10267d64..5b43224759 100644
--- a/common/hush.c
+++ b/common/hush.c
@@ -996,7 +996,7 @@ static void get_user_input(struct in_str *i)
 	i->p = the_command;
 #else
 	int n;
-	static char the_command[CONFIG_SYS_CBSIZE];
+	static char the_command[CONFIG_SYS_CBSIZE + 1];
 
 #ifdef CONFIG_BOOT_RETRY_TIME
 #  ifndef CONFIG_RESET_TO_RETRY