summaryrefslogtreecommitdiff
path: root/util/amdfwtool
diff options
context:
space:
mode:
authorZheng Bao <fishbaozi@gmail.com>2021-05-27 11:11:34 +0800
committerFelix Held <felix-coreboot@felixheld.de>2021-08-31 15:05:48 +0000
commitdac446165eab07216428fc660b3fd28603803f0f (patch)
tree6e5f80de298a0846bee48c358524ddea7e6ce8cb /util/amdfwtool
parentfd2982ec8a61894d466efc47a9d724a93af6ddc6 (diff)
amdfwtool: Copy string in a safer way
The issue is reported by Coverity. Using strcpy or strcat copying string without checking length may cause overflow. BUG=b:188769921 Reported-by: Coverity (CID:1438964) Change-Id: I609d9ce405d01c57b1847a6310630ea0341e13be Signed-off-by: Zheng Bao <fishbaozi@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54946 Reviewed-by: Felix Held <felix-coreboot@felixheld.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'util/amdfwtool')
-rw-r--r--util/amdfwtool/data_parse.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/util/amdfwtool/data_parse.c b/util/amdfwtool/data_parse.c
index 6b773e04c3..026480f64d 100644
--- a/util/amdfwtool/data_parse.c
+++ b/util/amdfwtool/data_parse.c
@@ -5,6 +5,7 @@
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
+#include <assert.h>
#include "amdfwtool.h"
@@ -410,6 +411,7 @@ uint8_t process_config(FILE *config, amd_cb_config *cb_config, uint8_t print_dep
char oneline[MAX_LINE_SIZE], *path_filename;
regmatch_t match[N_MATCHES];
char dir[MAX_LINE_SIZE] = {'\0'};
+ uint32_t dir_len;
compile_reg_expr(REG_EXTENDED | REG_NEWLINE,
blank_or_comment_regex, &blank_or_comment_expr);
@@ -424,7 +426,10 @@ uint8_t process_config(FILE *config, amd_cb_config *cb_config, uint8_t print_dep
continue;
if (is_valid_entry(oneline, match)) {
if (strcmp(&(oneline[match[1].rm_so]), "FIRMWARE_LOCATION") == 0) {
- strcpy(dir, &(oneline[match[2].rm_so]));
+ dir_len = match[2].rm_eo - match[2].rm_so;
+ assert(dir_len < MAX_LINE_SIZE);
+ snprintf(dir, MAX_LINE_SIZE, "%.*s", dir_len,
+ &(oneline[match[2].rm_so]));
break;
}
}
@@ -445,10 +450,10 @@ uint8_t process_config(FILE *config, amd_cb_config *cb_config, uint8_t print_dep
if (strcmp(&(oneline[match[1].rm_so]), "FIRMWARE_LOCATION") == 0) {
continue;
} else {
- path_filename = malloc(MAX_LINE_SIZE);
- strcpy(path_filename, dir);
- strcat(path_filename, "/");
- strcat(path_filename, &(oneline[match[2].rm_so]));
+ path_filename = malloc(MAX_LINE_SIZE * 2 + 2);
+ snprintf(path_filename, MAX_LINE_SIZE * 2 + 2, "%.*s/%.*s",
+ MAX_LINE_SIZE, dir, MAX_LINE_SIZE,
+ &(oneline[match[2].rm_so]));
if (find_register_fw_filename_psp_dir(
&(oneline[match[1].rm_so]),