tests: Ensure string is null-terminated

It is possible that set_vendor_data will not be null terminated if
strlen(vendor_data_value) >= sizeof(set_vendor_data). Leave an extra
byte at the end to prevent this.

BUG=none
TEST=make clean && make runtests
BRANCH=none

Change-Id: Ic21d74e9f3f36557ab1083001ab8af8ee42426e4
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 198908
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1752933
Reviewed-by: Joel Kitching <kitching@chromium.org>

1 files changed, 6 insertions, 2 deletions

diff --git a/tests/vboot_api_kernel2_tests.c b/tests/vboot_api_kernel2_tests.c
index c1f4f04e..43cc399f 100644
--- a/tests/vboot_api_kernel2_tests.c
+++ b/tests/vboot_api_kernel2_tests.c
@@ -62,7 +62,8 @@ static uint32_t mock_num_disks_count;
 static int tpm_set_mode_called;
 static enum vb2_tpm_mode tpm_mode;
 
-static char set_vendor_data[32];
+// Extra character to guarantee null termination.
+static char set_vendor_data[VENDOR_DATA_LENGTH + 2];
 static int set_vendor_data_called;
 
 /*
@@ -264,7 +265,10 @@ vb2_error_t SetVirtualDevMode(int val)
 vb2_error_t VbExSetVendorData(const char *vendor_data_value)
 {
 	set_vendor_data_called = 1;
-	strncpy(set_vendor_data, vendor_data_value, sizeof(set_vendor_data));
+	// set_vendor_data is a global variable, so it is automatically
+	// initialized to zero, and so the -1 will ensure the string is null
+	// terminated.
+	strncpy(set_vendor_data, vendor_data_value, sizeof(set_vendor_data) - 1);
 
 	return VB2_SUCCESS;
 }