disk: efi: buffer overflow in part_get_info_efi() In part_get_info_efi() we use the output of print_efiname() to set info->name[]. The size of info->name is PART_NAME_LEN = 32 but print_efiname() returns a string with a maximum length of PARTNAME_SZ + 1 = 37. Use snprintf() instead of sprintf() to avoid buffer overflow. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

commit: 5375ee508fead38c733a56b394db7bae86435390 [log] [tgz]
author: Heinrich Schuchardt <xypron.glpk@gmx.de> Fri Jul 05 21:27:13 2019 +0200
committer: Heinrich Schuchardt <xypron.glpk@gmx.de> Sat Jul 06 21:25:31 2019 +0200
tree: bb2d16029c7425f2314ec2dee3d5c17f4c3b84d7
parent: 1f83431f0053f6fb20c511c391ffc687433848cf [diff]
diff --git a/disk/part_efi.c b/disk/part_efi.c
index c0fa753..3e02669 100644
--- a/disk/part_efi.c
+++ b/disk/part_efi.c

@@ -313,8 +313,8 @@
 		     - info->start;
 	info->blksz = dev_desc->blksz;
 
-	sprintf((char *)info->name, "%s",
-			print_efiname(&gpt_pte[part - 1]));
+	snprintf((char *)info->name, sizeof(info->name), "%s",
+		 print_efiname(&gpt_pte[part - 1]));
 	strcpy((char *)info->type, "U-Boot");
 	info->bootable = is_bootable(&gpt_pte[part - 1]);
 #if CONFIG_IS_ENABLED(PARTITION_UUIDS)
commit	5375ee508fead38c733a56b394db7bae86435390	[log] [tgz]
author	Heinrich Schuchardt <xypron.glpk@gmx.de>	Fri Jul 05 21:27:13 2019 +0200
committer	Heinrich Schuchardt <xypron.glpk@gmx.de>	Sat Jul 06 21:25:31 2019 +0200
tree	bb2d16029c7425f2314ec2dee3d5c17f4c3b84d7
parent	1f83431f0053f6fb20c511c391ffc687433848cf [diff]