John Zhao has uploaded this change for review. ( https://review.coreboot.org/c/vboot/+/35021 )
Change subject: vboot: Avoid insecure data handling
vboot: Avoid insecure data handling
Coverity detects the overflowed value "rev" used as return value. Cast the value "rev" to integer after strtol invocation.
BUG=CID 1401793
TEST=Built and boot up to kernel.
Signed-off-by: John Zhao john.zhao@intel.com
Change-Id: Idcb48d9a8f7c89744c66f50affb5f9acc6aa4c12
---
M futility/updater.c
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/vboot refs/changes/21/35021/1
diff --git a/futility/updater.c b/futility/updater.c index ef142b8..14dd469 100644 --- a/futility/updater.c +++ b/futility/updater.c @@ -234,7 +234,7 @@
/* Result should be 'revN' */ if (strncmp(result, STR_REV, strlen(STR_REV)) == 0) - rev = strtol(result + strlen(STR_REV), NULL, 0); + rev = (int)strtol(result + strlen(STR_REV), NULL, 0); VB2_DEBUG("Raw data = [%s], parsed version is %d\n", result, rev);
free(result);
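Review bot: The `(int)` cast on the `strtol()` result in the `rev = ...` line makes the narrowing explicit but does not validate the value. A parsed number outside the range of `int` is still converted without a range check, and because the end pointer argument is `NULL` and `errno` is not inspected, a string with no digits after `STR_REV` yields 0 and an out-of-range string yields the clamped `strtol()` result, neither reported as an error. Suggest parsing into a `long`, passing an end pointer, and rejecting the result when no digits were consumed, when `errno` is `ERANGE`, or when the value is negative or above `INT_MAX`, before assigning to `rev`. The `VB2_DEBUG` line would then be a good place to log the rejected raw string as well.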
Lance Zhao has posted comments on this change. ( https://review.coreboot.org/c/vboot/+/35021 )
Patch Set 1: Code-Review+2
John Zhao has abandoned this change. ( https://review.coreboot.org/c/vboot/+/35021 )
Abandoned