authorEvan Green <evgreen@chromium.org>2021-05-13 10:49:08 -0700
committerCommit Bot <commit-bot@chromium.org>2021-05-14 20:06:58 +0000
commitd3455ac0873b03cd6af0650a069bb4ccd119d68f (patch)
tree99b5c3be76c59ecc6b6dfe2213722dcb954351dc /utility
parente681c371484b50c0cc35d91123b176acdc2449eb (diff)
downloadvboot-d3455ac0873b03cd6af0650a069bb4ccd119d68f.tar.gz
tpmc: Use char sentinel in HexStringToUint32()
HexStringToUint32() uses sscanf(), scanning in a hex value, and capturing the tail as well to figure out if the user passed in too much. Switch to using a char for that overflow detection rather than a string to avoid stack corruption. For example: localhost# tpmc pcrread 999999999999999999999 *** stack smashing detected ***: terminated Aborted (core dumped) BUG=None BRANCH=main TEST=stop trunksd; tpmc pcrread 999999999999999999999 Signed-off-by: Evan Green <evgreen@chromium.org> Change-Id: Idefec979d5cf6ab8a83da8654ed5591158807395 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2893695 Reviewed-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'utility')
-rw-r--r--utility/tpmc.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/utility/tpmc.c b/utility/tpmc.c
index 5723edff..841551ca 100644
--- a/utility/tpmc.c
+++ b/utility/tpmc.c
@@ -66,10 +66,10 @@ char** args;
* success, non-zero for failure.
*/
static int HexStringToUint32(const char* string, uint32_t* value) {
- char tail[1];
+ char tail;
/* strtoul is not as good because it overflows silently */
- const char* format = strncmp(string, "0x", 2) ? "%8x%s" : "0x%8x%s";
- int n = sscanf(string, format, value, tail);
+ const char* format = strncmp(string, "0x", 2) ? "%8x%c" : "0x%8x%c";
+ int n = sscanf(string, format, value, &tail);
return n != 1;
}
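Review bot: The `%8x` conversion in both format strings still accepts input that is not a plain hex string. `%x` follows strtoul()'s syntax, so leading whitespace and a sign are consumed, and an argument such as `-1` would come back as 0xffffffff with `n == 1`. If only hex digits are meant to be valid, check the part after the optional `0x` before calling sscanf(), for example by comparing `strspn(p, "0123456789abcdefABCDEF")` against `strlen(p)`, where `p` is a constructed name for that suffix. Separately, `value` is a `uint32_t*` while `%x` expects an `unsigned int*`; `SCNx32` from `<inttypes.h>` would keep the two in agreement on every target. The existing comment could also state that the trailing `%c` only matches when characters remain after the eight hex digits, since `return n != 1` depends on that.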