Youness Alaoui has uploaded a new change for review. ( https://review.coreboot.org/19066 )
Change subject: util/intelmetool: Fix access to deleted data on stack ......................................................................
util/intelmetool: Fix access to deleted data on stack
pci_me_interface_scan was returning (via argument 'name') a pointer to the interface name which was stored in a stack variable. This caused part of the name to be printed as garbage stack data in some situations if stack data was overwritten.
This moves the name buffer to the calling function so it can be accessed before it gets overwritten.
Change-Id: I947a4c794ee37fe87e035593eaabcaf963b9875e Signed-off-by: Youness Alaoui youness.alaoui@puri.sm --- M util/intelmetool/intelmetool.c 1 file changed, 4 insertions(+), 5 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/66/19066/1
diff --git a/util/intelmetool/intelmetool.c b/util/intelmetool/intelmetool.c
index 45e8c8f..498bf41 100644
--- a/util/intelmetool/intelmetool.c
+++ b/util/intelmetool/intelmetool.c
@@ -152,10 +152,9 @@ return 0; }
-static struct pci_dev *pci_me_interface_scan(char **name) { +static struct pci_dev *pci_me_interface_scan(char **name, char *namebuf, int namebuf_size) { struct pci_access *pacc; struct pci_dev *dev; - char namebuf[1024]; int me = 0;
pacc = pci_alloc(); @@ -166,7 +165,7 @@
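Review bot: Nothing at the new signature `pci_me_interface_scan(char **name, char *namebuf, int namebuf_size)` documents that `*name` is now only valid while the caller-owned `namebuf` is alive, which is the invariant this fix depends on. A comment above the definition would keep a later refactor from reintroducing the dangling stack pointer, e.g. `/* namebuf is caller-owned; *name is set from pci_lookup_name() on it and must not be used after namebuf goes out of scope */`. The returned `dev` raises the same lifetime question, since it is taken from `pacc->devices` (the @@ -166 hunk) and `pacc` is allocated here with `pci_alloc()`. The function body continues outside this hunk, so whether `pacc` is released before `dev` is used cannot be confirmed from the visible lines and is worth checking in the same pass.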
for (dev=pacc->devices; dev; dev=dev->next) { pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES | PCI_FILL_SIZES | PCI_FILL_CLASS); - *name = pci_lookup_name(pacc, namebuf, sizeof(namebuf), + *name = pci_lookup_name(pacc, namebuf, namebuf_size, PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id); if (dev->vendor_id == 0x8086) { if (PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) { @@ -226,7 +225,7 @@ static void dump_me_info() { struct pci_dev *dev; uint32_t stat, stat2; - char *name; + char namebuf[1024], *name;
if (pci_platform_scan()) { exit(1); @@ -236,7 +235,7 @@ exit(1); }
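Review bot: `char namebuf[1024], *name;` leaves `name` uninitialized and declares an array and a pointer in one statement, which is easy to misread. If any path in `pci_me_interface_scan` returns before `pci_lookup_name` has run, `name` stays indeterminate, and a later print of it would again read garbage. Prefer two lines, `char namebuf[1024];` and `char *name = NULL;`, so an unset name is detectable instead of undefined. The body of `dump_me_info` continues outside this hunk, so the later uses of `name` are not visible here.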
- dev = pci_me_interface_scan(&name); + dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf)); if (!dev) { exit(1); }