From 031725f8cdf33e836d19f35d3fe82c5baa5a2976 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 24 Jul 2021 09:03:28 -0600 Subject: [PATCH] hash: Ensure verification hex pairs are terminated This function seems to assume that the chr[] variable contains zeros at the start, which is not always true. Use strlcpy() to be safe. Signed-off-by: Simon Glass --- common/hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/hash.c b/common/hash.c index 90cf46bcba..059d381e23 100644 --- a/common/hash.c +++ b/common/hash.c @@ -396,7 +396,7 @@ int hash_parse_string(const char *algo_name, const char *str, uint8_t *result) for (i = 0; i < algo->digest_size; i++) { char chr[3]; - strncpy(chr, &str[i * 2], 2); + strlcpy(chr, &str[i * 2], 3); result[i] = simple_strtoul(chr, NULL, 16); } -- 2.39.5