[PATCH master 2/3] common: readline: fix possible buffer overflows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Entering very long lines can crash the readline prompt due to missing
NUL terminator. Make sure we don't exceed CONFIG_CBSIZE to avoid this.

Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
---
 commands/readline.c | 2 +-
 common/hush.c       | 2 +-
 common/parser.c     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/commands/readline.c b/commands/readline.c
index 7933a58c08b4..57c8fbd7bc80 100644
--- a/commands/readline.c
+++ b/commands/readline.c
@@ -19,7 +19,7 @@ static int do_readline(int argc, char *argv[])
 
 	command_slice_release();
 
-	if (readline(argv[1], buf, CONFIG_CBSIZE) < 0) {
+	if (readline(argv[1], buf, CONFIG_CBSIZE - 1) < 0) {
 		command_slice_acquire();
 		free(buf);
 		return COMMAND_ERROR;
diff --git a/common/hush.c b/common/hush.c
index 763e6cf74bbc..0475401321d1 100644
--- a/common/hush.c
+++ b/common/hush.c
@@ -451,7 +451,7 @@ static void get_user_input(struct in_str *i)
 
 	command_slice_release();
 
-	n = readline(prompt, console_buffer, CONFIG_CBSIZE);
+	n = readline(prompt, console_buffer, CONFIG_CBSIZE - 1);
 
 	command_slice_acquire();
 
diff --git a/common/parser.c b/common/parser.c
index fb9ef42e7fab..584d4b0efece 100644
--- a/common/parser.c
+++ b/common/parser.c
@@ -270,7 +270,7 @@ int run_shell(void)
 	login();
 
 	for (;;) {
-		len = readline (CONFIG_PROMPT, console_buffer, CONFIG_CBSIZE);
+		len = readline (CONFIG_PROMPT, console_buffer, CONFIG_CBSIZE - 1);
 
 		if (len > 0)
 			strcpy (lastcommand, console_buffer);
-- 
2.29.2


_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox



[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux