Fix Tracehash Buffer Overflow

Change-Id: Id8c8be0ef1d5e9f3ca377c4a89715c9c46d17a38 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38304 Reviewed-by: Prachi Gupta <pragupta@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Elizabeth K. Liner <eliner@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
author: Benjamin Herrenschmidt <bherren@au1.ibm.com> 2017-03-22 11:48:21 -0500
committer: Matthew A. Ploetz <maploetz@us.ibm.com> 2017-03-24 16:17:54 -0400
commit: 82c7782756df58c99a0979777250c5f0987980fa (patch)
tree: 0bf2a9e538444b1bb801b88452c29d4e490e7d35 /src/build/trace/tracehash.c
parent: 69590177ddbeff7bb484d0946a8d08b6da9858fb (diff)
download: talos-hostboot-82c7782756df58c99a0979777250c5f0987980fa.tar.gz
talos-hostboot-82c7782756df58c99a0979777250c5f0987980fa.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/src/build/trace/tracehash.c b/src/build/trace/tracehash.c
index 076d3e1e1..26607898e 100644
--- a/src/build/trace/tracehash.c
+++ b/src/build/trace/tracehash.c
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2013,2016                        */
+/* Contributors Listed Below - COPYRIGHT 2013,2017                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -665,7 +665,10 @@ char* create_format_string(const char* string)
     size_t r_pos = 0; // Current position in result string.
 
     // Iterate through source string looking for format tags.
-    for(size_t pos = 0; pos < length; pos++)
+    // length - 2 was used because "length" already includes the 0 terminal byte
+    //   and we want to make sure we have at least one char beyond the "%"
+    //   that way we have two which should deal with most cases
+    for(size_t pos = 0; pos < (length-2); pos++)
     {
         // Skip if not %.
         if (string[pos] != '%') continue;
@@ -882,7 +885,7 @@ void parse_traceinfo(bfd* inFile, asection* s)
             static const char filesep[] = ": ";
 
             size_t len_begin = replace_pos - (char*)&contents[pos];
-            size_t len_end = strlen(&contents[pos]) -
+            size_t len_end = strlen(&contents[pos + len_begin]) -
                              strlen(TRACEPP_REPLACE_WITH_FILENAME);
             size_t length = len_begin + strlen(filename) + len_end +
                             strlen(filesep) + 1;
author	Benjamin Herrenschmidt <bherren@au1.ibm.com>	2017-03-22 11:48:21 -0500
committer	Matthew A. Ploetz <maploetz@us.ibm.com>	2017-03-24 16:17:54 -0400
commit	82c7782756df58c99a0979777250c5f0987980fa (patch)
tree	0bf2a9e538444b1bb801b88452c29d4e490e7d35 /src/build/trace/tracehash.c
parent	69590177ddbeff7bb484d0946a8d08b6da9858fb (diff)
download	talos-hostboot-82c7782756df58c99a0979777250c5f0987980fa.tar.gz talos-hostboot-82c7782756df58c99a0979777250c5f0987980fa.zip