]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
hash: Ensure verification hex pairs are terminated
authorSimon Glass <sjg@chromium.org>
Sat, 24 Jul 2021 15:03:28 +0000 (09:03 -0600)
committerTom Rini <trini@konsulko.com>
Mon, 2 Aug 2021 17:31:32 +0000 (13:31 -0400)
This function seems to assume that the chr[] variable contains zeros at
the start, which is not always true. Use strlcpy() to be safe.

Signed-off-by: Simon Glass <sjg@chromium.org>
common/hash.c

index 90cf46bcba5af140a41faae78d18ad8a6cd89e4b..059d381e23166d549e2644c2affacbf5afe32a3a 100644 (file)
@@ -396,7 +396,7 @@ int hash_parse_string(const char *algo_name, const char *str, uint8_t *result)
        for (i = 0; i < algo->digest_size; i++) {
                char chr[3];
 
-               strncpy(chr, &str[i * 2], 2);
+               strlcpy(chr, &str[i * 2], 3);
                result[i] = simple_strtoul(chr, NULL, 16);
        }