In part_get_info_efi() we use the output of print_efiname() to set
info->name[]. The size of info->name is PART_NAME_LEN = 32 but
print_efiname() returns a string with a maximum length of
PARTNAME_SZ + 1 = 37.

Use snprintf() instead of sprintf() to avoid buffer overflow.

Signed-off-by: Heinrich Schuchardt <xypron.g...@gmx.de>
---
 disk/part_efi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/disk/part_efi.c b/disk/part_efi.c
index c0fa753339..8626d4ee7b 100644
--- a/disk/part_efi.c
+++ b/disk/part_efi.c
@@ -313,7 +313,7 @@ int part_get_info_efi(struct blk_desc *dev_desc, int part,
                     - info->start;
        info->blksz = dev_desc->blksz;

-       sprintf((char *)info->name, "%s",
+       snprintf((char *)info->name, sizeof(info->name), "%s",
                        print_efiname(&gpt_pte[part - 1]));
        strcpy((char *)info->type, "U-Boot");
        info->bootable = is_bootable(&gpt_pte[part - 1]);
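Review bot: The snprintf() call that fills info->name now truncates silently. Per the commit message, print_efiname() can return up to 36 characters plus the terminator while info->name holds 32 bytes, so any name of 32 to 36 characters is cut to 31 characters and the caller is not told. Consider checking the return value against sizeof(info->name) and logging a warning or debug message when it is greater or equal, or at least adding a comment about the truncation, since later code that matches partitions by name will see the shortened string. Also note that sizeof(info->name) is only the right bound while name is an array member and not a pointer; passing PART_NAME_LEN would make the intended limit explicit.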
--
2.20.1

_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
