From patchwork Mon Jun 20 07:51:10 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ladislav Michl X-Patchwork-Id: 637844 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id 3rY32f5Thnz9sBg for ; Mon, 20 Jun 2016 17:51:22 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 5ECF4A7753; Mon, 20 Jun 2016 09:51:21 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b74Di6oRKyxG; Mon, 20 Jun 2016 09:51:21 +0200 (CEST) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id CA5F2A75F2; Mon, 20 Jun 2016 09:51:20 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id CBC0EA75F2 for ; Mon, 20 Jun 2016 09:51:18 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KStPFlyO5Sen for ; Mon, 20 Jun 2016 09:51:18 +0200 (CEST) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from cvs.linux-mips.org (eddie.linux-mips.org [148.251.95.138]) by theia.denx.de (Postfix) with ESMTP id 9713FA752D for ; Mon, 20 Jun 2016 09:51:15 +0200 (CEST) Received: (from localhost user: 'ladis' uid#1021 fake: STDIN (ladis@eddie.linux-mips.org)) by eddie.linux-mips.org id S27041677AbcFTHvPNckwp (ORCPT ); Mon, 20 Jun 2016 09:51:15 +0200 Date: Mon, 20 Jun 2016 09:51:10 +0200 From: Ladislav Michl To: u-boot@lists.denx.de Message-ID: <20160620075110.GE1538@localhost.localdomain> References: <20160620074707.GA1268@localhost.localdomain> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20160620074707.GA1268@localhost.localdomain> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: Scott Wood , Tom Rini Subject: [U-Boot] [PATCH 5/6] cmd: mtdparts: fix null pointer dereference in parse_mtdparts X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.15 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" In case there is no mtdparts variable in relocated environment, NULL is assigned to p, which is later fed to strncpy. Also function parameter mtdparts is completely ignored, so use it in case mtdparts variable is not found in environment. This parameter is checked not to be NULL in caller. Signed-off-by: Ladislav Michl diff --git a/cmd/mtdparts.c b/cmd/mtdparts.c index 3a88a10..995cb87 100644 --- a/cmd/mtdparts.c +++ b/cmd/mtdparts.c @@ -1524,7 +1524,7 @@ static int spread_partitions(void) */ static int parse_mtdparts(const char *const mtdparts) { - const char *p = mtdparts; + const char *p; struct mtd_device *dev; int err = 1; char tmp_parts[MTDPARTS_MAXLEN]; @@ -1538,20 +1538,25 @@ static int parse_mtdparts(const char *const mtdparts) } /* re-read 'mtdparts' variable, mtd_devices_init may be updating env */ - if (gd->flags & GD_FLG_ENV_READY) { + if (gd->flags & GD_FLG_ENV_READY) p = getenv("mtdparts"); - } else { - p = tmp_parts; - getenv_f("mtdparts", tmp_parts, MTDPARTS_MAXLEN); + else { + if (getenv_f("mtdparts", tmp_parts, MTDPARTS_MAXLEN) != -1) + p = tmp_parts; + else + p = NULL; } + if (!p) + p = mtdparts; + if (strncmp(p, "mtdparts=", 9) != 0) { printf("mtdparts variable doesn't start with 'mtdparts='\n"); return err; } p += 9; - while (p && (*p != '\0')) { + while (*p != '\0') { err = 1; if ((device_parse(p, &p, &dev) != 0) || (!dev)) break; @@ -1569,12 +1574,10 @@ static int parse_mtdparts(const char *const mtdparts) list_add_tail(&dev->link, &devices); err = 0; } - if (err == 1) { + if (err == 1) device_delall(&devices); - return 1; - } - return 0; + return err; } /**