From 7d7ce4125f769a21a321c3df972272c5854d54f7 Mon Sep 17 00:00:00 2001
From: wdenk
Date: Wed, 17 Mar 2004 01:13:07 +0000
Subject: Patch by Pierre Aubert, 15 Mar 2004: Fix buffer overflow in IDE identification
---
 common/cmd_ide.c | 42 +++++++++++++++++++++++------------------
 1 file changed, 23 insertions(+), 19 deletions(-)
(limited to 'common')
diff --git a/common/cmd_ide.c b/common/cmd_ide.c
index 2b8b2bc946..8644d986b5 100644
--- a/common/cmd_ide.c
+++ b/common/cmd_ide.c
@@ -1410,27 +1410,31 @@ WR_OUT:
 /*
  * copy src to dest, skipping leading and trailing blanks and null
  * terminate the string
+ * "len" is the size of available memory including the terminating '\0'
  */
-static void ident_cpy (unsigned char *dest, unsigned char *src, unsigned int len)
+static void ident_cpy (unsigned char *dst, unsigned char *src, unsigned int len)
 {
- int start,end;
-
- start=0;
- while (startstart) {
- if (src[end]!=' ')
- break;
- end--;
- }
- for ( ; start<=end; start++) {
- *dest++=src[start];
- }
- *dest='\0';
+ unsigned char *end, *last;
+
+ last = dst;
+ end = src + len;
+
+ /* reserve space for '\0' */
+ if (len < 2)
+ goto OUT;
+
+ /* skip leading white space */
+ while ((*src) && (src