Use bounded string functions.
The bounds add a bit of safety in avoiding memory bugs, and there are
sensible bounds in the cases where we have been using them.
Change-Id: I381e122f356a54e5c0f1e183e521169522bc8aa9
diff --git a/src/arch/aarch64/std.c b/src/arch/aarch64/std.c
index c7f109d..53f70e2 100644
--- a/src/arch/aarch64/std.c
+++ b/src/arch/aarch64/std.c
@@ -87,18 +87,19 @@
return 0;
}
-int strcmp(const char *a, const char *b)
+int strncmp(const char *a, const char *b, size_t n)
{
- const char *x = a;
- const char *y = b;
+ char x = 0;
+ char y = 0;
- while (*x != 0 && *y != 0) {
- if (*x != *y) {
- return *x - *y;
+ while (n > 0) {
+ x = *a++;
+ y = *b++;
+ if (x == 0 || x != y) {
+ break;
}
- x++;
- y++;
+ --n;
}
- return *x - *y;
+ return x - y;
}
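Review bot: The new `strncmp` carries no comment stating its contract, and that matters because the bound only protects a caller who derives `n` from the size of the smaller buffer. I would add above the definition `/* Compares at most n bytes, stopping at the first difference or NUL. Both a and b must be readable for n bytes or up to their terminator. */`. Separately, `x` and `y` are plain `char`, while the standard function compares as `unsigned char`. If this file could ever be built with a signed `char`, declaring them `unsigned char` keeps the sign of the result well defined for bytes above 0x7f.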
diff --git a/src/cpio.c b/src/cpio.c
index 58626ec..6cf8757 100644
--- a/src/cpio.c
+++ b/src/cpio.c
@@ -44,6 +44,7 @@
static bool cpio_next(struct memiter *iter, const char **name,
const void **contents, size_t *size)
{
+ static const char trailer[] = "TRAILER!!!";
size_t len;
struct memiter lit = *iter;
const struct cpio_header *h = (const struct cpio_header *)lit.next;
@@ -71,7 +72,7 @@
/* TODO: Check that string is null-terminated. */
/* Stop enumerating files when we hit the end marker. */
- if (!strcmp(*name, "TRAILER!!!")) {
+ if (!strncmp(*name, trailer, sizeof(trailer))) {
return false;
}
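Review bot: The bound `sizeof(trailer)` caps the read at 11 bytes but is not tied to how much of the archive remains, so the TODO just above the check still stands. A name that sits fewer than 11 bytes from the end of the buffer without a terminator is still read past the end. The check that closes this is one made before any comparison: confirm that the name size declared in the header fits in the bytes left in `lit` and that the last byte of that span is NUL; the variable holding that size is outside this hunk, so confirm against the full function. The same applies to the lookup loop in the next hunk, where `STRING_MAX_SIZE` bounds the caller's `name` rather than `fname`, which comes from the archive. cpio_next's body continues outside the hunk.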
@@ -94,7 +95,7 @@
struct memiter iter = *cpio;
while (cpio_next(&iter, &fname, &fcontents, &fsize)) {
- if (!strcmp(fname, string_data(name))) {
+ if (!strncmp(fname, string_data(name), STRING_MAX_SIZE)) {
memiter_init(it, fcontents, fsize);
return true;
}
diff --git a/src/fdt.c b/src/fdt.c
index d12faf2..752e9d8 100644
--- a/src/fdt.c
+++ b/src/fdt.c
@@ -58,6 +58,8 @@
#define FDT_VERSION 17
#define FDT_MAGIC 0xd00dfeed
+#define FDT_PROPERTY_NAME_MAX_SIZE 32
+
#define FDT_TOKEN_ALIGNMENT sizeof(uint32_t)
static void fdt_tokenizer_init(struct fdt_tokenizer *t, const char *strs,
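Review bot: `FDT_PROPERTY_NAME_MAX_SIZE` has no comment saying where 32 comes from or whether it includes the terminator. If it is meant to mirror the devicetree specification's 31-character limit on property names, a comment such as `/* Property names are at most 31 characters; 32 includes the NUL. */` would let a reader check each call site against it. The name also suggests it applies to property names only, which is worth stating if it is reused for anything else.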
@@ -272,7 +274,7 @@
fdt_tokenizer_init(&t, node->strs, node->begin, node->end);
while (fdt_next_property(&t, &prop_name, buf, size)) {
- if (!strcmp(prop_name, name)) {
+ if (!strncmp(prop_name, name, FDT_PROPERTY_NAME_MAX_SIZE)) {
return true;
}
}
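Review bot: With a fixed bound of 32, `strncmp` returns 0 for any two names that agree on their first 32 bytes, so this equality test becomes a prefix match once a name exceeds the constant. Nothing visible in the hunk rejects a `prop_name` from the blob that is longer than the limit, so a lookup could resolve to the wrong property. The subnode lookup in the following hunk reuses the same property-name constant for node names, which can be longer than a property name once a unit address is appended. Consider treating a name with no NUL inside the bound as malformed, or bounding the comparison by the bytes remaining in the strings block, rather than silently truncating. The enclosing function starts and ends outside the hunk.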
@@ -363,7 +365,7 @@
fdt_skip_properties(&t);
while (fdt_next_subnode(&t, &name)) {
- if (!strcmp(name, child)) {
+ if (!strncmp(name, child, FDT_PROPERTY_NAME_MAX_SIZE)) {
node->begin = t.cur;
return true;
}