From 48ee0a87bc46a6f863ffd9e0396b7a068dd68c50 Mon Sep 17 00:00:00 2001 From: Tom Rini Date: Tue, 26 Sep 2017 20:44:32 -0400 Subject: [PATCH] cmd/pxe.c: Rework initrd and bootargs handling slightly For the initrd portion of handling our bootm arguments we do not have a sufficiently long enough buffer for some improbable 64bit cases. Expand this buffer to allow for a 64bit address and almost 256MB initrd to be used. Make use of strncpy/strncat when constructing the values here since we know what the worst case valid values are, length wise. Similarly for bootargs themselves, we need to make use of strlen/sizeof and strncpy/strncat to ensure that we don't overflow bootargs itself. Cc: Simon Glass Cc: Alexander Graf Reported-by: Coverity (CID: 131256) Signed-off-by: Tom Rini --- cmd/pxe.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cmd/pxe.c b/cmd/pxe.c index c5a770a269..a62cbe192a 100644 --- a/cmd/pxe.c +++ b/cmd/pxe.c @@ -616,7 +616,7 @@ static int label_localboot(struct pxe_label *label) static int label_boot(cmd_tbl_t *cmdtp, struct pxe_label *label) { char *bootm_argv[] = { "bootm", NULL, NULL, NULL, NULL }; - char initrd_str[22]; + char initrd_str[28]; char mac_str[29] = ""; char ip_str[68] = ""; int bootm_argc = 2; @@ -648,9 +648,9 @@ static int label_boot(cmd_tbl_t *cmdtp, struct pxe_label *label) } bootm_argv[2] = initrd_str; - strcpy(bootm_argv[2], env_get("ramdisk_addr_r")); + strncpy(bootm_argv[2], env_get("ramdisk_addr_r"), 18); strcat(bootm_argv[2], ":"); - strcat(bootm_argv[2], env_get("filesize")); + strncat(bootm_argv[2], env_get("filesize"), 9); } if (get_relfile_envaddr(cmdtp, label->kernel, "kernel_addr_r") < 0) { @@ -689,9 +689,9 @@ static int label_boot(cmd_tbl_t *cmdtp, struct pxe_label *label) } if (label->append) - strcpy(bootargs, label->append); - strcat(bootargs, ip_str); - strcat(bootargs, mac_str); + strncpy(bootargs, label->append, sizeof(bootargs)); + strncat(bootargs, ip_str, sizeof(bootargs) - strlen(bootargs)); + strncat(bootargs, mac_str, sizeof(bootargs) - strlen(bootargs)); cli_simple_process_macros(bootargs, finalbootargs); env_set("bootargs", finalbootargs); -- 2.39.5