A large enough argument to the --port option could cause a string buffer
to be not NULL terminated because grub_strncpy() does not guarantee NULL
termination if copied string is longer than max characters to copy.
Fixes: 712309eaae04 (term/serial: Use grub_strncpy() instead of grub_snprintf()
when only copying string)
Signed-off-by: Glenn Washburn <developm...@efficientek.com>
---
grub-core/term/serial.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/grub-core/term/serial.c b/grub-core/term/serial.c
index 869555430153..8260dcb7a87a 100644
--- a/grub-core/term/serial.c
+++ b/grub-core/term/serial.c
@@ -257,7 +257,10 @@ grub_cmd_serial (grub_extcmd_context_t ctxt, int argc,
char **args)
{
if (grub_strncmp (state[OPTION_PORT].arg, "mmio,", sizeof ("mmio,") - 1)
== 0 ||
grub_strncmp (state[OPTION_PORT].arg, "pci,", sizeof ("pci,") - 1) ==
0)
- grub_strncpy (pname, state[1].arg, sizeof (pname));
+ {
+ grub_strncpy (pname, state[1].arg, sizeof (pname));
+ pname[sizeof (pname) - 1] = '\0';
+ }
else
grub_snprintf (pname, sizeof (pname), "port%lx",
grub_strtoul (state[1].arg, 0, 0));
--
2.34.1
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
