From e0c53af470feae1d7d66dc4aa9d067402a468626 Mon Sep 17 00:00:00 2001 From: Youness Alaoui Date: Fri, 31 Mar 2017 16:21:50 -0400 Subject: util/intelmetool: Fix access to deleted data on stack pci_me_interface_scan was returning (via argument 'name') a pointer to the interface name which was stored in a stack variable. This caused part of the name to be printed as garbage stack data in some situations if stack data was overwritten. This moves the name buffer to the calling function so it can be accessed before it gets overwritten. Change-Id: I947a4c794ee37fe87e035593eaabcaf963b9875e Signed-off-by: Youness Alaoui Reviewed-on: https://review.coreboot.org/19066 Tested-by: build bot (Jenkins) Reviewed-by: Nico Huber --- util/intelmetool/intelmetool.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/util/intelmetool/intelmetool.c b/util/intelmetool/intelmetool.c index 45e8c8f7ba..c49c635ca5 100644 --- a/util/intelmetool/intelmetool.c +++ b/util/intelmetool/intelmetool.c @@ -106,7 +106,8 @@ static void dump_me_memory() { static int pci_platform_scan() { struct pci_access *pacc; struct pci_dev *dev; - char namebuf[1024], *name; + char namebuf[1024]; + const char *name; pacc = pci_alloc(); pacc->method = PCI_ACCESS_I386_TYPE1; @@ -152,10 +153,9 @@ static int pci_platform_scan() { return 0; } -static struct pci_dev *pci_me_interface_scan(char **name) { +static struct pci_dev *pci_me_interface_scan(const char **name, char *namebuf, int namebuf_size) { struct pci_access *pacc; struct pci_dev *dev; - char namebuf[1024]; int me = 0; pacc = pci_alloc(); @@ -166,7 +166,7 @@ static struct pci_dev *pci_me_interface_scan(char **name) { for (dev=pacc->devices; dev; dev=dev->next) { pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES | PCI_FILL_SIZES | PCI_FILL_CLASS); - *name = pci_lookup_name(pacc, namebuf, sizeof(namebuf), + *name = pci_lookup_name(pacc, namebuf, namebuf_size, PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id); if (dev->vendor_id == 0x8086) { if (PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) { @@ -226,7 +226,8 @@ static int activate_me() { static void dump_me_info() { struct pci_dev *dev; uint32_t stat, stat2; - char *name; + char namebuf[1024]; + const char *name; if (pci_platform_scan()) { exit(1); @@ -236,7 +237,7 @@ static void dump_me_info() { exit(1); } - dev = pci_me_interface_scan(&name); + dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf)); if (!dev) { exit(1); } -- cgit v1.2.3