]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
board: amlogic: fix buffler overflow in seria, mac & usid read
authorNeil Armstrong <neil.armstrong@linaro.org>
Wed, 20 Mar 2024 08:46:11 +0000 (09:46 +0100)
committerNeil Armstrong <neil.armstrong@linaro.org>
Mon, 25 Mar 2024 08:16:19 +0000 (09:16 +0100)
While meson_sm_read_efuse() doesn't overflow, the string is not
zero terminated and env_set*() will buffer overflow and add random
characters to environment.

Acked-by: Viacheslav Bocharov <adeep@lexina.in>
Link: https://lore.kernel.org/r/20240320-u-boot-fix-p200-serial-v2-1-972be646a301@linaro.org
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
board/amlogic/beelink-s922x/beelink-s922x.c
board/amlogic/jethub-j100/jethub-j100.c
board/amlogic/jethub-j80/jethub-j80.c
board/amlogic/odroid-n2/odroid-n2.c
board/amlogic/p200/p200.c
board/amlogic/p201/p201.c
board/amlogic/p212/p212.c
board/amlogic/q200/q200.c
board/amlogic/vim3/vim3.c

index adae27fc7e75afd76f86e7db221c3a4e06b84342..c2776310a3dc7da037c43589d7736c605f2c1ae2 100644 (file)
@@ -20,7 +20,7 @@
 
 int misc_init_r(void)
 {
-       u8 mac_addr[MAC_ADDR_LEN];
+       u8 mac_addr[MAC_ADDR_LEN + 1];
        char efuse_mac_addr[EFUSE_MAC_SIZE], tmp[3];
        ssize_t len;
 
@@ -41,6 +41,7 @@ int misc_init_r(void)
                        tmp[2] = '\0';
                        mac_addr[i] = hextoul(tmp, NULL);
                }
+               mac_addr[MAC_ADDR_LEN] = '\0';
 
                if (is_valid_ethaddr(mac_addr))
                        eth_env_set_enetaddr("ethaddr", mac_addr);
index 6a2c4ad4c3c26d5bd96533ede13804ad6dce9625..010fc0df7d18c9425e57df3cea286cf752f4fea0 100644 (file)
@@ -17,7 +17,7 @@
 
 int misc_init_r(void)
 {
-       u8 mac_addr[ARP_HLEN];
+       u8 mac_addr[ARP_HLEN + 1];
        char serial[SM_SERIAL_SIZE];
        u32 sid;
 
@@ -34,6 +34,7 @@ int misc_init_r(void)
                mac_addr[3] = (sid >> 16) & 0xff;
                mac_addr[4] = (sid >>  8) & 0xff;
                mac_addr[5] = (sid >>  0) & 0xff;
+               mac_addr[ARP_HLEN] = '\0';
 
                eth_env_set_enetaddr("ethaddr", mac_addr);
        }
index 185880de1396edbbb51b2344326556e8059e53e4..0b781666e985d3b70f0838a2ccb9012f0e81d67b 100644 (file)
@@ -27,9 +27,9 @@
 
 int misc_init_r(void)
 {
-       u8 mac_addr[EFUSE_MAC_SIZE];
-       char serial[EFUSE_SN_SIZE];
-       char usid[EFUSE_USID_SIZE];
+       u8 mac_addr[EFUSE_MAC_SIZE + 1];
+       char serial[EFUSE_SN_SIZE + 1];
+       char usid[EFUSE_USID_SIZE + 1];
        ssize_t len;
        unsigned int adcval;
        int ret;
@@ -37,6 +37,7 @@ int misc_init_r(void)
        if (!eth_env_get_enetaddr("ethaddr", mac_addr)) {
                len = meson_sm_read_efuse(EFUSE_MAC_OFFSET,
                                          mac_addr, EFUSE_MAC_SIZE);
+               mac_addr[len] = '\0';
                if (len == EFUSE_MAC_SIZE && is_valid_ethaddr(mac_addr))
                        eth_env_set_enetaddr("ethaddr", mac_addr);
                else
@@ -46,6 +47,7 @@ int misc_init_r(void)
        if (!env_get("serial")) {
                len = meson_sm_read_efuse(EFUSE_SN_OFFSET, serial,
                                          EFUSE_SN_SIZE);
+               serial[len] = '\0';
                if (len == EFUSE_SN_SIZE)
                        env_set("serial", serial);
        }
@@ -53,6 +55,7 @@ int misc_init_r(void)
        if (!env_get("usid")) {
                len = meson_sm_read_efuse(EFUSE_USID_OFFSET, usid,
                                          EFUSE_USID_SIZE);
+               usid[len] = '\0';
                if (len == EFUSE_USID_SIZE)
                        env_set("usid", usid);
        }
index 2135457edd97938927c7e70859a4537d138a79dc..a4bcc62174a0e88429e1ba68691ab88355a866d3 100644 (file)
@@ -107,7 +107,7 @@ static int odroid_detect_variant(void)
 
 int misc_init_r(void)
 {
-       u8 mac_addr[MAC_ADDR_LEN];
+       u8 mac_addr[MAC_ADDR_LEN + 1];
        char efuse_mac_addr[EFUSE_MAC_SIZE], tmp[3];
        ssize_t len;
 
@@ -128,6 +128,7 @@ int misc_init_r(void)
                        tmp[2] = '\0';
                        mac_addr[i] = hextoul(tmp, NULL);
                }
+               mac_addr[MAC_ADDR_LEN] = '\0';
 
                if (is_valid_ethaddr(mac_addr))
                        eth_env_set_enetaddr("ethaddr", mac_addr);
index 3061f7a6b3c92400b84672b0f9e1814e21c7ecfb..754242e4a9fa112426a8079ebcf541cd6645c239 100644 (file)
 
 int misc_init_r(void)
 {
-       u8 mac_addr[EFUSE_MAC_SIZE];
-       char serial[EFUSE_SN_SIZE];
+       u8 mac_addr[EFUSE_MAC_SIZE + 1];
+       char serial[EFUSE_SN_SIZE + 1];
        ssize_t len;
 
        if (!eth_env_get_enetaddr("ethaddr", mac_addr)) {
                len = meson_sm_read_efuse(EFUSE_MAC_OFFSET,
                                          mac_addr, EFUSE_MAC_SIZE);
+               mac_addr[len] = '\0';
                if (len == EFUSE_MAC_SIZE && is_valid_ethaddr(mac_addr))
                        eth_env_set_enetaddr("ethaddr", mac_addr);
                else
@@ -37,6 +38,7 @@ int misc_init_r(void)
        if (!env_get("serial#")) {
                len = meson_sm_read_efuse(EFUSE_SN_OFFSET, serial,
                        EFUSE_SN_SIZE);
+               serial[len] = '\0';
                if (len == EFUSE_SN_SIZE)
                        env_set("serial#", serial);
        }
index 7c432f9d2810cfc64a4184d571b3a2b165a73960..769e2735d27ecc86a7a8ebf40dd70b0fa38cc4b4 100644 (file)
 
 int misc_init_r(void)
 {
-       u8 mac_addr[EFUSE_MAC_SIZE];
-       char serial[EFUSE_SN_SIZE];
+       u8 mac_addr[EFUSE_MAC_SIZE + 1];
+       char serial[EFUSE_SN_SIZE + 1];
        ssize_t len;
 
        if (!eth_env_get_enetaddr("ethaddr", mac_addr)) {
                len = meson_sm_read_efuse(EFUSE_MAC_OFFSET,
                                          mac_addr, EFUSE_MAC_SIZE);
+               mac_addr[len] = '\0';
                if (len == EFUSE_MAC_SIZE && is_valid_ethaddr(mac_addr))
                        eth_env_set_enetaddr("ethaddr", mac_addr);
        }
@@ -35,6 +36,7 @@ int misc_init_r(void)
        if (!env_get("serial#")) {
                len = meson_sm_read_efuse(EFUSE_SN_OFFSET, serial,
                        EFUSE_SN_SIZE);
+               serial[len] = '\0';
                if (len == EFUSE_SN_SIZE)
                        env_set("serial#", serial);
        }
index fcef90bce56f09113907558c55b0b45696f95da0..f6e60ae3af1799a21d4fd1793e217e83eaed9a0a 100644 (file)
 
 int misc_init_r(void)
 {
-       u8 mac_addr[EFUSE_MAC_SIZE];
-       char serial[EFUSE_SN_SIZE];
+       u8 mac_addr[EFUSE_MAC_SIZE + 1];
+       char serial[EFUSE_SN_SIZE + 1];
        ssize_t len;
 
        if (!eth_env_get_enetaddr("ethaddr", mac_addr)) {
                len = meson_sm_read_efuse(EFUSE_MAC_OFFSET,
                                          mac_addr, EFUSE_MAC_SIZE);
+               mac_addr[len] = '\0';
                if (len == EFUSE_MAC_SIZE && is_valid_ethaddr(mac_addr))
                        eth_env_set_enetaddr("ethaddr", mac_addr);
                else
@@ -38,6 +39,7 @@ int misc_init_r(void)
        if (!env_get("serial#")) {
                len = meson_sm_read_efuse(EFUSE_SN_OFFSET, serial,
                        EFUSE_SN_SIZE);
+               serial[len] = '\0';
                if (len == EFUSE_SN_SIZE)
                        env_set("serial#", serial);
        }
index 3aa6d8f200e288fa19a275dd6b622f9c2eb08608..47f1566a9d3d09b44bf232267301023afaf8f500 100644 (file)
 
 int misc_init_r(void)
 {
-       u8 mac_addr[EFUSE_MAC_SIZE];
-       char serial[EFUSE_SN_SIZE];
+       u8 mac_addr[EFUSE_MAC_SIZE + 1];
+       char serial[EFUSE_SN_SIZE + 1];
        ssize_t len;
 
        if (!eth_env_get_enetaddr("ethaddr", mac_addr)) {
                len = meson_sm_read_efuse(EFUSE_MAC_OFFSET,
                                          mac_addr, EFUSE_MAC_SIZE);
+               mac_addr[len] = '\0';
                if (len == EFUSE_MAC_SIZE && is_valid_ethaddr(mac_addr))
                        eth_env_set_enetaddr("ethaddr", mac_addr);
                else
@@ -38,6 +39,7 @@ int misc_init_r(void)
        if (!env_get("serial#")) {
                len = meson_sm_read_efuse(EFUSE_SN_OFFSET, serial,
                                          EFUSE_SN_SIZE);
+               serial[len] = '\0';
                if (len == EFUSE_SN_SIZE)
                        env_set("serial#", serial);
        }
index 8bdfb302f7283e3939c57c146d12eafcf92baf01..43d7a8e84f6241bf3791d0f1f607033a80c5c951 100644 (file)
@@ -151,7 +151,7 @@ int meson_ft_board_setup(void *blob, struct bd_info *bd)
 
 int misc_init_r(void)
 {
-       u8 mac_addr[MAC_ADDR_LEN];
+       u8 mac_addr[MAC_ADDR_LEN + 1];
        char efuse_mac_addr[EFUSE_MAC_SIZE], tmp[3];
        char serial_string[EFUSE_MAC_SIZE + 1];
        ssize_t len;
@@ -169,6 +169,7 @@ int misc_init_r(void)
                        tmp[2] = '\0';
                        mac_addr[i] = hextoul(tmp, NULL);
                }
+               mac_addr[MAC_ADDR_LEN] = '\0';
 
                if (is_valid_ethaddr(mac_addr))
                        eth_env_set_enetaddr("ethaddr", mac_addr);