From 1dbf73b2c699f49807796b0b5f323334db18aab4 Mon Sep 17 00:00:00 2001
From: Patrick Georgi <pgeorgi@google.com>
Date: Fri, 6 Sep 2019 12:24:53 +0200
Subject: util/ecst.c: ensure string termination

Found by Coverity Scan #58136, #58137

BUG=none
BRANCH=none
TEST=none

Change-Id: Ie17330c4766f6537134117ecd81ecd78cd408132
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1789144
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Auto-Submit: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
---
 util/ecst.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/util/ecst.c b/util/ecst.c
index f7409941c0..6d61af95b8 100644
--- a/util/ecst.c
+++ b/util/ecst.c
@@ -2016,10 +2016,12 @@ int calc_firmware_csum_bin(unsigned int *p_cksum,
 int main_hdr(void)
 {
 	int result = 0;
-	char tmp_file_name[NAME_SIZE];
+	char tmp_file_name[NAME_SIZE + 1];
 	unsigned int tmp_long_val;
 	unsigned int bin_file_size_bytes;
 
+	tmp_file_name[NAME_SIZE] = '\0';
+
 	if (is_ptr_merge) {
 		if (strlen(input_file_name) == 0) {
 			my_printf(TERR, "\n\nNo input BIN file selected for");
@@ -2030,7 +2032,7 @@ int main_hdr(void)
 		if (strlen(output_file_name) == 0)
 			strncpy(tmp_file_name,
 				input_file_name,
-				sizeof(tmp_file_name));
+				sizeof(tmp_file_name) - 1);
 		else {
 			copy_file_to_file(output_file_name,
 					  input_file_name,
@@ -2038,7 +2040,7 @@ int main_hdr(void)
 					  SEEK_END);
 			strncpy(tmp_file_name,
 				output_file_name,
-				sizeof(tmp_file_name));
+				sizeof(tmp_file_name) - 1);
 		}
 
 		/* Open Header file */
@@ -2178,10 +2180,11 @@ int main_hdr(void)
  */
 int main_api(void)
 {
-	char tmp_file_name[NAME_SIZE];
+	char tmp_file_name[NAME_SIZE + 1];
 	int result = 0;
 	unsigned int crc_checksum;
 
+	tmp_file_name[NAME_SIZE] = '\0';
 	api_file_size_bytes = 0;
 
 	/* If API input file was not declared, then print error message. */
@@ -2197,7 +2200,8 @@ int main_api(void)
 			sizeof(tmp_file_name), "api_"))
 			return FALSE;
 	} else
-		strncpy(tmp_file_name, output_file_name, sizeof(tmp_file_name));
+		strncpy(tmp_file_name, output_file_name,
+			sizeof(tmp_file_name) - 1);
 
 	/* Make sure that new empty file is created. */
 	api_file_pointer = fopen(tmp_file_name, "w");
-- 
cgit v1.2.1