pxe: simplify label_boot() Coverity CID 131256 indicates a possible buffer overflow in label_boot(). This would only occur if the size of the downloaded file would exceed 4 GiB. But anyway we can simplify the code by using snprintf() and checking the return value. Addresses-Coverity-ID: 131256 ("Security best practices violations (STRING_OVERFLOW)") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Artem Lapkin <email2tema@gmail.com>

commit: a8d6aed3699e8721cc7163ad09027197443e8203 [log] [tgz]
author: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Mon Nov 15 19:26:51 2021 +0100
committer: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Mon Jul 18 17:21:49 2022 +0200
tree: aac6a821e06f8f567979e47314fba75f73430de1
parent: 01ce8eb603ffc33efb8c6dd76ad66acc9087316b [diff]
diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
index b08aee9..defbe46 100644
--- a/boot/pxe_utils.c
+++ b/boot/pxe_utils.c

@@ -532,11 +532,10 @@
 		}
 
 		initrd_addr_str = env_get("ramdisk_addr_r");
-		strcpy(initrd_filesize, simple_xtoa(size));
-
-		strncpy(initrd_str, initrd_addr_str, 18);
-		strcat(initrd_str, ":");
-		strncat(initrd_str, initrd_filesize, 9);
+		size = snprintf(initrd_str, sizeof(initrd_str), "%s:%lx",
+				initrd_addr_str, size);
+		if (size >= sizeof(initrd_str))
+			return 1;
 	}
 
 	if (get_relfile_envaddr(ctx, label->kernel, "kernel_addr_r",
commit	a8d6aed3699e8721cc7163ad09027197443e8203	[log] [tgz]
author	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Mon Nov 15 19:26:51 2021 +0100
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Mon Jul 18 17:21:49 2022 +0200
tree	aac6a821e06f8f567979e47314fba75f73430de1
parent	01ce8eb603ffc33efb8c6dd76ad66acc9087316b [diff]