summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPatrick Georgi <patrick@georgi-clan.de>2014-08-03 12:14:25 +0200
committerPatrick Georgi <patrick@georgi-clan.de>2014-08-03 15:19:27 +0200
commit440daf786a85f8c1f4959c519811e3d6e10586bc (patch)
treed059feb4d26e25175737933d338b0d47bb292224
parentedb0a61be4030cc6bdc605332204bb27c9f1b98f (diff)
ifdtool: Avoid potential buffer overflow
Filenames of 4091 bytes or more lead to a buffer overflow. Change-Id: I1b4b3932af096f0fcbfb783ab708ed273d3a844e Found-by: Coverity Scan Signed-off-by: Patrick Georgi <patrick@georgi-clan.de> Reviewed-on: http://review.coreboot.org/6476 Tested-by: build bot (Jenkins) Reviewed-by: Edward O'Callaghan <eocallaghan@alterapraxis.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
-rw-r--r--util/ifdtool/ifdtool.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c
index 0425b1cd49..deef1b1fee 100644
--- a/util/ifdtool/ifdtool.c
+++ b/util/ifdtool/ifdtool.c
@@ -552,7 +552,8 @@ static void write_image(char *filename, char *image, int size)
char new_filename[FILENAME_MAX]; // allow long file names
int new_fd;
- strncpy(new_filename, filename, FILENAME_MAX);
+ // - 5: leave room for ".new\0"
+ strncpy(new_filename, filename, FILENAME_MAX - 5);
strncat(new_filename, ".new", FILENAME_MAX - strlen(filename));
printf("Writing new image to %s\n", new_filename);