board: amlogic: fix buffler overflow in seria, mac & usid read
While meson_sm_read_efuse() doesn't overflow, the string is not
zero terminated and env_set*() will buffer overflow and add random
characters to environment.
Acked-by: Viacheslav Bocharov <adeep@lexina.in>
Link: https://lore.kernel.org/r/20240320-u-boot-fix-p200-serial-v2-1-972be646a301@linaro.org
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
diff --git a/board/amlogic/p212/p212.c b/board/amlogic/p212/p212.c
index fcef90b..f6e60ae 100644
--- a/board/amlogic/p212/p212.c
+++ b/board/amlogic/p212/p212.c
@@ -22,13 +22,14 @@
int misc_init_r(void)
{
- u8 mac_addr[EFUSE_MAC_SIZE];
- char serial[EFUSE_SN_SIZE];
+ u8 mac_addr[EFUSE_MAC_SIZE + 1];
+ char serial[EFUSE_SN_SIZE + 1];
ssize_t len;
if (!eth_env_get_enetaddr("ethaddr", mac_addr)) {
len = meson_sm_read_efuse(EFUSE_MAC_OFFSET,
mac_addr, EFUSE_MAC_SIZE);
+ mac_addr[len] = '\0';
if (len == EFUSE_MAC_SIZE && is_valid_ethaddr(mac_addr))
eth_env_set_enetaddr("ethaddr", mac_addr);
else
@@ -38,6 +39,7 @@
if (!env_get("serial#")) {
len = meson_sm_read_efuse(EFUSE_SN_OFFSET, serial,
EFUSE_SN_SIZE);
+ serial[len] = '\0';
if (len == EFUSE_SN_SIZE)
env_set("serial#", serial);
}