Re: [U-Boot] [PATCH] common: cli_simple: use strncpy instead of strcpy

2016-01-09 Thread Tom Rini 
On Sat, Jan 09, 2016 at 09:31:48PM +0800, Peng Fan wrote:

> Report Coverity log:
> Destination buffer too small (STRING_OVERFLOW)
> string_overflow: You might overrun the 1024 byte destination string
> lastcommand by writing 1025 bytes from console_buffer
> 
> Signed-off-by: Peng Fan 
> Cc: Heiko Schocher 
> Cc: Simon Glass 
> Cc: Tom Rini 
> ---
>  common/cli_simple.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/common/cli_simple.c b/common/cli_simple.c
> index 9c3d073..c51f963 100644
> --- a/common/cli_simple.c
> +++ b/common/cli_simple.c
> @@ -276,7 +276,8 @@ void cli_simple_loop(void)
>  
>   flag = 0;   /* assume no special flags for now */
>   if (len > 0)
> - strcpy(lastcommand, console_buffer);
> + strncpy(lastcommand, console_buffer,
> + CONFIG_SYS_CBSIZE + 1);
>   else if (len == 0)
>   flag |= CMD_FLAG_REPEAT;
>  #ifdef CONFIG_BOOT_RETRY_TIME

So, long term I would like to see use move to using strlcpy for the
normal case (it might not make sense when working with various defined
protocols, etc).  Thanks!

-- 
Tom


signature.asc
Description: Digital signature
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

[U-Boot] [PATCH] common: cli_simple: use strncpy instead of strcpy

2016-01-09 Thread Peng Fan 
Report Coverity log:
Destination buffer too small (STRING_OVERFLOW)
string_overflow: You might overrun the 1024 byte destination string
lastcommand by writing 1025 bytes from console_buffer

Signed-off-by: Peng Fan 
Cc: Heiko Schocher 
Cc: Simon Glass 
Cc: Tom Rini 
---
 common/cli_simple.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/common/cli_simple.c b/common/cli_simple.c
index 9c3d073..c51f963 100644
--- a/common/cli_simple.c
+++ b/common/cli_simple.c
@@ -276,7 +276,8 @@ void cli_simple_loop(void)
 
flag = 0;   /* assume no special flags for now */
if (len > 0)
-   strcpy(lastcommand, console_buffer);
+   strncpy(lastcommand, console_buffer,
+   CONFIG_SYS_CBSIZE + 1);
else if (len == 0)
flag |= CMD_FLAG_REPEAT;
 #ifdef CONFIG_BOOT_RETRY_TIME
-- 
2.6.2

___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

Re: [U-Boot] [PATCH] common: cli_simple: use strncpy instead of strcpy

2016-01-09 Thread Peng Fan 
On Sat, Jan 09, 2016 at 09:03:59AM -0500, Tom Rini wrote:
>On Sat, Jan 09, 2016 at 09:31:48PM +0800, Peng Fan wrote:
>
>> Report Coverity log:
>> Destination buffer too small (STRING_OVERFLOW)
>> string_overflow: You might overrun the 1024 byte destination string
>> lastcommand by writing 1025 bytes from console_buffer
>> 
>> Signed-off-by: Peng Fan 
>> Cc: Heiko Schocher 
>> Cc: Simon Glass 
>> Cc: Tom Rini 
>> ---
>>  common/cli_simple.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>> 
>> diff --git a/common/cli_simple.c b/common/cli_simple.c
>> index 9c3d073..c51f963 100644
>> --- a/common/cli_simple.c
>> +++ b/common/cli_simple.c
>> @@ -276,7 +276,8 @@ void cli_simple_loop(void)
>>  
>>  flag = 0;   /* assume no special flags for now */
>>  if (len > 0)
>> -strcpy(lastcommand, console_buffer);
>> +strncpy(lastcommand, console_buffer,
>> +CONFIG_SYS_CBSIZE + 1);
>>  else if (len == 0)
>>  flag |= CMD_FLAG_REPEAT;
>>  #ifdef CONFIG_BOOT_RETRY_TIME
>
>So, long term I would like to see use move to using strlcpy for the
>normal case (it might not make sense when working with various defined
>protocols, etc).  Thanks!

Thanks. Just read this, https://www.sudo.ws/todd/papers/strlcpy.html.
strlcpy is a better choice.

Thanks,
Peng.

>
>-- 
>Tom


___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot