commit d54f87f09a36ac20154955297b7c999b368b0443
author Neil Armstrong <neil.armstrong@linaro.org> Wed Mar 20 09:46:11 2024 +0100
committer Neil Armstrong <neil.armstrong@linaro.org> Mon Mar 25 09:16:19 2024 +0100
tree 5a943e4734d28d61aba8bd1e97be8c3eeaba59a2
parent 65d5c367b00cb392bda560c3da1834979adcf137

board: amlogic: fix buffler overflow in seria, mac & usid read

While meson_sm_read_efuse() doesn't overflow, the string is not
zero terminated and env_set*() will buffer overflow and add random
characters to environment.

Acked-by: Viacheslav Bocharov <adeep@lexina.in>
Link: https://lore.kernel.org/r/20240320-u-boot-fix-p200-serial-v2-1-972be646a301@linaro.org
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>

board/amlogic/beelink-s922x/beelink-s922x.c

diff --git a/board/amlogic/beelink-s922x/beelink-s922x.c b/board/amlogic/beelink-s922x/beelink-s922x.c
index adae27f..c277631 100644
--- a/board/amlogic/beelink-s922x/beelink-s922x.c
+++ b/board/amlogic/beelink-s922x/beelink-s922x.c
@@ -20,7 +20,7 @@
 
 int misc_init_r(void)
 {
-	u8 mac_addr[MAC_ADDR_LEN];
+	u8 mac_addr[MAC_ADDR_LEN + 1];
 	char efuse_mac_addr[EFUSE_MAC_SIZE], tmp[3];
 	ssize_t len;
 
@@ -41,6 +41,7 @@
 			tmp[2] = '\0';
 			mac_addr[i] = hextoul(tmp, NULL);
 		}
+		mac_addr[MAC_ADDR_LEN] = '\0';
 
 		if (is_valid_ethaddr(mac_addr))
 			eth_env_set_enetaddr("ethaddr", mac_addr);