Gitiles
Code Review Sign In
review.sourcearcade.org / flashprog / 5feb8cdb6ff497e45cda73839dacafc240bf83bb
commit5feb8cdb6ff497e45cda73839dacafc240bf83bb[log] [tgz]
authorXiang Wang <merle@hardenedlinux.org>Wed Jan 20 17:31:19 2021 +0800
committerFelix Singer <felixsinger@posteo.net>Thu Sep 29 17:05:38 2022 +0000
treefd3c99ccf093d56e957068e763d9c83d774ca2c7
parentb822ce85aaed8c6dfa8f5e1e2354db5c9db50509 [diff]
helpers.c: Fix undefined behavior in strndup()

Using strlen() or strdup() inside strndup() is problematic: if the
input string is not null-terminated, these functions can read past the
end of the buffer, which triggers undefined behavior. Rewrite the
function to never read past the provided `maxlen` bound.

Change-Id: Id34127024085879228626fbad59af03268ec5255
Signed-off-by: Xiang Wang <merle@hardenedliux.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/49741
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/67870
Reviewed-by: Felix Singer <felixsinger@posteo.net>
1 file changed
tree: fd3c99ccf093d56e957068e763d9c83d774ca2c7
  1. Documentation/
  2. util/
  3. .gitattributes
  4. .gitignore
  5. 82802ab.c
  6. amd_imc.c
  7. archtest.c
  8. at45db.c
  9. atahpt.c
  10. atapromise.c
  11. atavia.c
  12. bitbang_spi.c
  13. board_enable.c
  14. buspirate_spi.c
  15. cbtable.c
  16. ch341a_spi.c
  17. chipdrivers.h
  18. chipset_enable.c
  19. cli_classic.c
  20. cli_common.c
  21. cli_output.c
  22. COPYING
  23. coreboot_tables.h
  24. custom_baud.c
  25. custom_baud.h
  26. dediprog.c
  27. developerbox_spi.c
  28. digilent_spi.c
  29. dmi.c
  30. Doxyfile
  31. drkaiser.c
  32. dummyflasher.c
  33. edi.c
  34. edi.h
  35. en29lv640b.c
  36. endiantest.c
  37. ene.h
  38. flash.h
  39. flashchips.c
  40. flashchips.h
  41. flashrom.8.tmpl
  42. flashrom.c
  43. fmap.c
  44. fmap.h
  45. ft2232_spi.c
  46. gfxnvidia.c
  47. helpers.c
  48. hwaccess.c
  49. hwaccess.h
  50. ich_descriptors.c
  51. ich_descriptors.h
  52. ichspi.c
  53. internal.c
  54. it8212.c
  55. it85spi.c
  56. it87spi.c
  57. jedec.c
  58. jlink_spi.c
  59. layout.c
  60. layout.h
  61. libflashrom.c
  62. libflashrom.h
  63. libflashrom.map
  64. linux_mtd.c
  65. linux_spi.c
  66. Makefile
  67. mcp6x_spi.c
  68. meson.build
  69. meson_options.txt
  70. mstarddc_spi.c
  71. ni845x_spi.c
  72. nic3com.c
  73. nicintel.c
  74. nicintel_eeprom.c
  75. nicintel_spi.c
  76. nicnatsemi.c
  77. nicrealtek.c
  78. ogp_spi.c
  79. opaque.c
  80. os.h
  81. pcidev.c
  82. physmap.c
  83. pickit2_spi.c
  84. platform.h
  85. pony_spi.c
  86. print.c
  87. print_wiki.c
  88. processor_enable.c
  89. programmer.c
  90. programmer.h
  91. rayer_spi.c
  92. README
  93. satamv.c
  94. satasii.c
  95. sb600spi.c
  96. serial.c
  97. serprog.c
  98. serprog.h
  99. sfdp.c
  100. spi.c
  101. spi.h
  102. spi25.c
  103. spi25_statusreg.c
  104. spi95.c
  105. sst28sf040.c
  106. sst49lfxxxc.c
  107. sst_fwhub.c
  108. stlinkv3_spi.c
  109. stm50.c
  110. test_build.sh
  111. udelay.c
  112. usbblaster_spi.c
  113. usbdev.c
  114. w29ee011.c
  115. w39.c
  116. wbsio_spi.c