diff options
| author | wdenk <wdenk> | 2004-03-17 01:13:07 +0000 |
|---|---|---|
| committer | wdenk <wdenk> | 2004-03-17 01:13:07 +0000 |
| commit | 7d7ce4125f769a21a321c3df972272c5854d54f7 (patch) | |
| tree | ca95548f218169750a0b3d3ddf72e3464d9f8d0d /common/cmd_ide.c | |
| parent | d9df1f4e662441c487f96a4e1f91caa9297afdd9 (diff) | |
| download | olio-uboot-2014.01-7d7ce4125f769a21a321c3df972272c5854d54f7.tar.xz olio-uboot-2014.01-7d7ce4125f769a21a321c3df972272c5854d54f7.zip | |
Patch by Pierre Aubert, 15 Mar 2004:
Fix buffer overflow in IDE identification
Diffstat (limited to 'common/cmd_ide.c')
| -rw-r--r-- | common/cmd_ide.c | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/common/cmd_ide.c b/common/cmd_ide.c index 2b8b2bc94..8644d986b 100644 --- a/common/cmd_ide.c +++ b/common/cmd_ide.c @@ -1410,27 +1410,31 @@ WR_OUT: /* * copy src to dest, skipping leading and trailing blanks and null * terminate the string + * "len" is the size of available memory including the terminating '\0' */ -static void ident_cpy (unsigned char *dest, unsigned char *src, unsigned int len) +static void ident_cpy (unsigned char *dst, unsigned char *src, unsigned int len) { - int start,end; + unsigned char *end, *last; - start=0; - while (start<len) { - if (src[start]!=' ') - break; - start++; - } - end=len-1; - while (end>start) { - if (src[end]!=' ') - break; - end--; - } - for ( ; start<=end; start++) { - *dest++=src[start]; + last = dst; + end = src + len; + + /* reserve space for '\0' */ + if (len < 2) + goto OUT; + + /* skip leading white space */ + while ((*src) && (src<end) && (*src==' ')) + ++src; + + /* copy string, omitting trailing white space */ + while ((*src) && (src<end)) { + *dst++ = *src; + if (*src++ != ' ') + last = dst; } - *dest='\0'; +OUT: + *last = '\0'; } /* ------------------------------------------------------------------------- */ |