On Mon, Sep 14, 2015 at 12:57:03AM +0200, Lukasz Majewski wrote: > Lets consider following scenario: > - One uses echo -n "key=value" to define environment variable in a file > (single variable) > - The file content is "key=value" without any terminating byte (e.g. 0x0a or > 0x0d). > - The file is loaded to u-boot non zero'ed RAM buffer (with load command). > - Then "env import -t -r $loadaddr $filesize" is executed. > - Due to lack of proper termination byte we have classical example of buffer > overrun. > > This patch prevents from this by allocating one extra byte than size and > explicitly null terminate it. > > There should be no change for normal env import operation after applying > this patch. > > Signed-off-by: Lukasz Majewski <l.majew...@majess.pl>
Applied to u-boot/master, thanks! -- Tom
signature.asc
Description: Digital signature
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
