Attention is currently required from: Xiang Wang, Stefan Reinauer, Edward O'Callaghan.

Xiang Wang uploaded patch set #2 to this change.

helpers.c: Fix undefined behavior in strndup()

Using strlen() or strdup() inside strndup() is problematic: if the
input string is not null-terminated, these functions can read past the
end of the buffer, which triggers undefined behavior. Rewrite the
function to never read past the provided `maxlen` bound.

Change-Id: Id34127024085879228626fbad59af03268ec5255
Signed-off-by: Xiang Wang <merle@hardenedlinux.org>
---
M helpers.c
1 file changed, 9 insertions(+), 8 deletions(-)

git pull ssh://review.coreboot.org:29418/flashrom refs/changes/41/49741/2

Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: Id34127024085879228626fbad59af03268ec5255
Gerrit-Change-Number: 49741
Gerrit-PatchSet: 2
Gerrit-Owner: Xiang Wang <merle@hardenedlinux.org>
Gerrit-Reviewer: Edward O'Callaghan <quasisec@chromium.org>
Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer@coreboot.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Angel Pons <th3fanbus@gmail.com>
Gerrit-CC: Shawn C <citypw@hardenedlinux.org>
Gerrit-Attention: Xiang Wang <merle@hardenedlinux.org>
Gerrit-Attention: Stefan Reinauer <stefan.reinauer@coreboot.org>
Gerrit-Attention: Edward O'Callaghan <quasisec@chromium.org>
Gerrit-MessageType: newpatchset