diff options
author | Benjamin Herrenschmidt <bherren@au1.ibm.com> | 2017-03-22 11:48:21 -0500 |
---|---|---|
committer | Matthew A. Ploetz <maploetz@us.ibm.com> | 2017-03-24 16:17:54 -0400 |
commit | 82c7782756df58c99a0979777250c5f0987980fa (patch) | |
tree | 0bf2a9e538444b1bb801b88452c29d4e490e7d35 /src/build/trace/tracehash.c | |
parent | 69590177ddbeff7bb484d0946a8d08b6da9858fb (diff) | |
download | talos-hostboot-82c7782756df58c99a0979777250c5f0987980fa.tar.gz talos-hostboot-82c7782756df58c99a0979777250c5f0987980fa.zip |
Fix Tracehash Buffer Overflow
Change-Id: Id8c8be0ef1d5e9f3ca377c4a89715c9c46d17a38
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38304
Reviewed-by: Prachi Gupta <pragupta@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Elizabeth K. Liner <eliner@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
Diffstat (limited to 'src/build/trace/tracehash.c')
-rw-r--r-- | src/build/trace/tracehash.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/build/trace/tracehash.c b/src/build/trace/tracehash.c index 076d3e1e1..26607898e 100644 --- a/src/build/trace/tracehash.c +++ b/src/build/trace/tracehash.c @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2013,2016 */ +/* Contributors Listed Below - COPYRIGHT 2013,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -665,7 +665,10 @@ char* create_format_string(const char* string) size_t r_pos = 0; // Current position in result string. // Iterate through source string looking for format tags. - for(size_t pos = 0; pos < length; pos++) + // length - 2 was used because "length" already includes the 0 terminal byte + // and we want to make sure we have at least one char beyond the "%" + // that way we have two which should deal with most cases + for(size_t pos = 0; pos < (length-2); pos++) { // Skip if not %. if (string[pos] != '%') continue; @@ -882,7 +885,7 @@ void parse_traceinfo(bfd* inFile, asection* s) static const char filesep[] = ": "; size_t len_begin = replace_pos - (char*)&contents[pos]; - size_t len_end = strlen(&contents[pos]) - + size_t len_end = strlen(&contents[pos + len_begin]) - strlen(TRACEPP_REPLACE_WITH_FILENAME); size_t length = len_begin + strlen(filename) + len_end + strlen(filesep) + 1; |