mirror of
https://github.com/brain-hackers/u-boot-brain
synced 2024-09-28 07:30:26 +09:00
disk: efi: buffer overflow in part_get_info_efi()
In part_get_info_efi() we use the output of print_efiname() to set info->name[]. The size of info->name is PART_NAME_LEN = 32 but print_efiname() returns a string with a maximum length of PARTNAME_SZ + 1 = 37. Use snprintf() instead of sprintf() to avoid buffer overflow. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This commit is contained in:
parent
1f83431f00
commit
5375ee508f
@ -313,7 +313,7 @@ int part_get_info_efi(struct blk_desc *dev_desc, int part,
|
|||||||
- info->start;
|
- info->start;
|
||||||
info->blksz = dev_desc->blksz;
|
info->blksz = dev_desc->blksz;
|
||||||
|
|
||||||
sprintf((char *)info->name, "%s",
|
snprintf((char *)info->name, sizeof(info->name), "%s",
|
||||||
print_efiname(&gpt_pte[part - 1]));
|
print_efiname(&gpt_pte[part - 1]));
|
||||||
strcpy((char *)info->type, "U-Boot");
|
strcpy((char *)info->type, "U-Boot");
|
||||||
info->bootable = is_bootable(&gpt_pte[part - 1]);
|
info->bootable = is_bootable(&gpt_pte[part - 1]);
|
||||||
|
Loading…
Reference in New Issue
Block a user