| 12345678910111213141516171819202122232425262728293031323334353637383940 |
- From 80aaaa8b93d860f828e2cf883f307894640765f0 Mon Sep 17 00:00:00 2001
- From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
- Date: Wed, 10 Dec 2014 11:49:54 +0100
- Subject: [PATCH] MIPS: BCM47XX: Use strnchr to avoid reading out of the buffer
- MIME-Version: 1.0
- Content-Type: text/plain; charset=UTF-8
- Content-Transfer-Encoding: 8bit
- Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
- Cc: Hauke Mehrtens <hauke@hauke-m.de>
- Cc: Paul Walmsley <paul@pwsan.com>
- Cc: linux-mips@linux-mips.org
- Patchwork: https://patchwork.linux-mips.org/patch/8662/
- Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
- ---
- arch/mips/bcm47xx/nvram.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
- --- a/arch/mips/bcm47xx/nvram.c
- +++ b/arch/mips/bcm47xx/nvram.c
- @@ -175,7 +175,7 @@ static int nvram_init(void)
- int bcm47xx_nvram_getenv(const char *name, char *val, size_t val_len)
- {
- char *var, *value, *end, *eq;
- - int err;
- + int data_left, err;
-
- if (!name)
- return -EINVAL;
- @@ -191,7 +191,9 @@ int bcm47xx_nvram_getenv(const char *nam
- end = nvram_buf + sizeof(nvram_buf) - 2;
- end[0] = end[1] = '\0';
- for (; *var; var = value + strlen(value) + 1) {
- - eq = strchr(var, '=');
- + data_left = end - var;
- +
- + eq = strnchr(var, data_left, '=');
- if (!eq)
- break;
- value = eq + 1;
|
