From 6da11cc81ea773d9a1e3059da311c6f2e2aeb6ef Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Fri, 29 Sep 2023 02:47:17 +0200 Subject: stdio: fix stdio_deregister_dev() When copying the name of a stdio device we must ensure that it is NUL terminated before passing it to strcmp() to avoid a buffer overrun. Truncating the name field leads to failure to deregister a stdio device. When copying we must ensure that the name field sizes match. Addresses-Coverity-ID: 350462 String not null terminated Fixes: 5294e97832a6 ("stdio: extend "name" to 32 symbols") Signed-off-by: Heinrich Schuchardt Reviewed-by: Simon Glass --- include/stdio_dev.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include/stdio_dev.h') diff --git a/include/stdio_dev.h b/include/stdio_dev.h index 7f181020524..4e3c4708f80 100644 --- a/include/stdio_dev.h +++ b/include/stdio_dev.h @@ -17,6 +17,7 @@ #define DEV_FLAGS_INPUT 0x00000001 /* Device can be used as input console */ #define DEV_FLAGS_OUTPUT 0x00000002 /* Device can be used as output console */ #define DEV_FLAGS_DM 0x00000004 /* Device priv is a struct udevice * */ +#define STDIO_NAME_LEN 32 int stdio_file_to_flags(const int file); @@ -24,7 +25,7 @@ int stdio_file_to_flags(const int file); struct stdio_dev { int flags; /* Device flags: input/output/system */ int ext; /* Supported extensions */ - char name[32]; /* Device name */ + char name[STDIO_NAME_LEN]; /* Device name */ /* GENERAL functions */ -- cgit v1.2.3