hush shell: Avoid string write overflow when entering max cmd length

console_buffer array is defined to be CONFIG_SYS_CBSIZE + 1 long, whereas the_command array only CONFIG_SYS_CBSIZE long. Subsequent use of strcpy(the_command, console_buffer) will write final \0 terminating byte outside the_command array when entering a command of max length. Signed-off-by: Kristian Otnes <kotnes <at> cisco <dot> com>
author: Kristian Otnes <kotnes@cisco.com> 2014-04-25 15:35:43 +0200
committer: Tom Rini <trini@ti.com> 2014-05-12 15:20:05 -0400
commit: 5c50a92bbea7e118ea4e4fb0945bf6707b010a80 (patch)
tree: 034a76d7fe3a7e183aba9ba9fd3c518e9fa21fef /common
parent: bf69d6642326cfecef440bb245946903454ff30e (diff)
download: talos-obmc-uboot-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.tar.gz
talos-obmc-uboot-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/common/hush.c b/common/hush.c
index df10267d64..5b43224759 100644
--- a/common/hush.c
+++ b/common/hush.c
@@ -996,7 +996,7 @@ static void get_user_input(struct in_str *i)
 	i->p = the_command;
 #else
 	int n;
-	static char the_command[CONFIG_SYS_CBSIZE];
+	static char the_command[CONFIG_SYS_CBSIZE + 1];
 
 #ifdef CONFIG_BOOT_RETRY_TIME
 #  ifndef CONFIG_RESET_TO_RETRY
author	Kristian Otnes <kotnes@cisco.com>	2014-04-25 15:35:43 +0200
committer	Tom Rini <trini@ti.com>	2014-05-12 15:20:05 -0400
commit	5c50a92bbea7e118ea4e4fb0945bf6707b010a80 (patch)
tree	034a76d7fe3a7e183aba9ba9fd3c518e9fa21fef /common
parent	bf69d6642326cfecef440bb245946903454ff30e (diff)
download	talos-obmc-uboot-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.tar.gz talos-obmc-uboot-5c50a92bbea7e118ea4e4fb0945bf6707b010a80.zip