Check fastboot oem command line length

Change-Id: I301af09c4ec460c9049b75cc7f4d2c50cfe00ceb Signed-off-by: Bruce Beare <brucex.j.beare@intel.com>
author: Bruce Beare <brucex.j.beare@intel.com> 2010-07-15 08:52:01 -0700
committer: Bruce Beare <brucex.j.beare@intel.com> 2010-07-15 08:52:01 -0700
commit: 50b3995d027b53f24bbba099b3b6884d5845b614 (patch)
tree: 2b8b01281752c3ee2e4d32a35bcca63a9f0bd69e /fastboot/engine.c
parent: bedaac52a677c152e051c17ef456cc9e43f3812b (diff)
download: core-50b3995d027b53f24bbba099b3b6884d5845b614.tar.gz
core-50b3995d027b53f24bbba099b3b6884d5845b614.tar.bz2
core-50b3995d027b53f24bbba099b3b6884d5845b614.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/fastboot/engine.c b/fastboot/engine.c
index 6d62c6e22..dc74417a7 100644
--- a/fastboot/engine.c
+++ b/fastboot/engine.c
@@ -97,14 +97,20 @@ static Action *queue_action(unsigned op, const char *fmt, ...)
 {
     Action *a;
     va_list ap;
+    size_t cmdsize;
 
     a = calloc(1, sizeof(Action));
     if (a == 0) die("out of memory");
 
     va_start(ap, fmt);
-    vsprintf(a->cmd, fmt, ap);
+    cmdsize = vsnprintf(a->cmd, sizeof(a->cmd), fmt, ap);
     va_end(ap);
 
+    if (cmdsize >= sizeof(a->cmd)) {
+        free(a);
+        die("Command length (%d) exceeds maximum size (%d)", cmdsize, sizeof(a->cmd));
+    }
+
     if (action_last) {
         action_last->next = a;
     } else {
author	Bruce Beare <brucex.j.beare@intel.com>	2010-07-15 08:52:01 -0700
committer	Bruce Beare <brucex.j.beare@intel.com>	2010-07-15 08:52:01 -0700
commit	50b3995d027b53f24bbba099b3b6884d5845b614 (patch)
tree	2b8b01281752c3ee2e4d32a35bcca63a9f0bd69e /fastboot/engine.c
parent	bedaac52a677c152e051c17ef456cc9e43f3812b (diff)
download	core-50b3995d027b53f24bbba099b3b6884d5845b614.tar.gz core-50b3995d027b53f24bbba099b3b6884d5845b614.tar.bz2 core-50b3995d027b53f24bbba099b3b6884d5845b614.zip