Revision | 085cbdafca9c3d7bc2f27523a343f61db82f2ccb (tree) |
---|---|
Time | 2022-07-19 00:21:49 |
Author | Heinrich Schuchardt <heinrich.schuchardt@cano...> |
Committer | Heinrich Schuchardt |
pxe: simplify label_boot()

Coverity CID 131256 indicates a possible buffer overflow in label_boot().
This would only occur if the size of the downloaded file would exceed 4
GiB. But anyway we can simplify the code by using snprintf() and checking
the return value.

Addresses-Coverity-ID: 131256 ("Security best practices violations (STRING_OVERFLOW)")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
@@ -532,11 +532,10 @@ static int label_boot(struct pxe_context *ctx, struct pxe_label *label) | ||
532 | 532 | } |
533 | 533 | |
534 | 534 | initrd_addr_str = env_get("ramdisk_addr_r"); |
535 | - strcpy(initrd_filesize, simple_xtoa(size)); | |
536 | - | |
537 | - strncpy(initrd_str, initrd_addr_str, 18); | |
538 | - strcat(initrd_str, ":"); | |
539 | - strncat(initrd_str, initrd_filesize, 9); | |
535 | + size = snprintf(initrd_str, sizeof(initrd_str), "%s:%lx", | |
536 | + initrd_addr_str, size); | |
537 | + if (size >= sizeof(initrd_str)) | |
538 | + return 1; | |
540 | 539 | } |
541 | 540 | |
542 | 541 | if (get_relfile_envaddr(ctx, label->kernel, "kernel_addr_r", |
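Review bot: In the added snprintf() call, `size` is both the "%lx" argument and the variable that receives the return value, so after this statement the initrd file size is gone and `size` holds the formatted string length. A dedicated `int ret` for the return value would keep the two meanings apart and make the truncation check `ret >= sizeof(initrd_str)` independent of the type of `size`, which is declared outside this hunk; it would also let a negative return from snprintf() be tested explicitly. The new `return 1` on truncation is silent, so a short message saying the initrd address and size string did not fit would help anyone who hits it. The value from env_get("ramdisk_addr_r") is passed straight to "%s", so it is worth confirming that code outside this hunk already guarantees it is not NULL.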