diff options
author | Rob Herring <rob.herring@calxeda.com> | 2013-03-22 11:26:21 +0000 |
---|---|---|
committer | Tom Rini <trini@ti.com> | 2013-04-02 16:23:34 -0400 |
commit | 60d7d5a63189c9f77a190c9965861dc15482c2d0 (patch) | |
tree | 68bf7c543f8f282142eb7a10c700b3a3d86341fb /common/env_fat.c | |
parent | c17b94ec5ec89c63070dd385b6c3a6645761c405 (diff) | |
download | u-boot-60d7d5a63189c9f77a190c9965861dc15482c2d0.tar.gz |
env: fix potential stack overflow in environment functions
Most of the various environment functions create CONFIG_ENV_SIZE buffers on
the stack. At least on ARM and PPC which have 4KB stacks, this can overflow
the stack if we have large environment sizes. So move all the buffers off
the stack to static buffers.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Diffstat (limited to 'common/env_fat.c')
-rw-r--r-- | common/env_fat.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/common/env_fat.c b/common/env_fat.c index c0f18ab97d..dd7139d4de 100644 --- a/common/env_fat.c +++ b/common/env_fat.c @@ -37,6 +37,7 @@ char *env_name_spec = "FAT"; env_t *env_ptr; +static char env_buf[CONFIG_ENV_SIZE]; DECLARE_GLOBAL_DATA_PTR; @@ -52,7 +53,7 @@ int env_init(void) #ifdef CONFIG_CMD_SAVEENV int saveenv(void) { - env_t env_new; + env_t *env_new = env_buf; ssize_t len; char *res; block_dev_desc_t *dev_desc = NULL; @@ -60,7 +61,7 @@ int saveenv(void) int part = FAT_ENV_PART; int err; - res = (char *)&env_new.data; + res = (char *)env_new->data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); if (len < 0) { error("Cannot export environment: errno = %d\n", errno); @@ -95,8 +96,8 @@ int saveenv(void) return 1; } - env_new.crc = crc32(0, env_new.data, ENV_SIZE); - err = file_fat_write(FAT_ENV_FILE, (void *)&env_new, sizeof(env_t)); + env_new->crc = crc32(0, env_new->data, ENV_SIZE); + err = file_fat_write(FAT_ENV_FILE, (void *)env_new, sizeof(env_t)); if (err == -1) { printf("\n** Unable to write \"%s\" from %s%d:%d **\n", FAT_ENV_FILE, FAT_ENV_INTERFACE, dev, part); @@ -110,7 +111,7 @@ int saveenv(void) void env_relocate_spec(void) { - char buf[CONFIG_ENV_SIZE]; + char *buf = env_buf; block_dev_desc_t *dev_desc = NULL; int dev = FAT_ENV_DEVICE; int part = FAT_ENV_PART; |