diff options
author | Heinrich Schuchardt <xypron.glpk@gmx.de> | 2019-07-05 21:27:13 +0200 |
---|---|---|
committer | Heinrich Schuchardt <xypron.glpk@gmx.de> | 2019-07-06 21:25:31 +0200 |
commit | 5375ee508fead38c733a56b394db7bae86435390 (patch) | |
tree | bb2d16029c7425f2314ec2dee3d5c17f4c3b84d7 /disk | |
parent | 1f83431f0053f6fb20c511c391ffc687433848cf (diff) | |
download | u-boot-5375ee508fead38c733a56b394db7bae86435390.tar.gz |
disk: efi: buffer overflow in part_get_info_efi()
In part_get_info_efi() we use the output of print_efiname() to set
info->name[]. The size of info->name is PART_NAME_LEN = 32 but
print_efiname() returns a string with a maximum length of
PARTNAME_SZ + 1 = 37.
Use snprintf() instead of sprintf() to avoid buffer overflow.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Diffstat (limited to 'disk')
-rw-r--r-- | disk/part_efi.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/disk/part_efi.c b/disk/part_efi.c index c0fa753339..3e026697db 100644 --- a/disk/part_efi.c +++ b/disk/part_efi.c @@ -313,8 +313,8 @@ int part_get_info_efi(struct blk_desc *dev_desc, int part, - info->start; info->blksz = dev_desc->blksz; - sprintf((char *)info->name, "%s", - print_efiname(&gpt_pte[part - 1])); + snprintf((char *)info->name, sizeof(info->name), "%s", + print_efiname(&gpt_pte[part - 1])); strcpy((char *)info->type, "U-Boot"); info->bootable = is_bootable(&gpt_pte[part - 1]); #if CONFIG_IS_ENABLED(PARTITION_UUIDS) |