From e874207134e9d2d5958636f7f32b60e5441ab320 Mon Sep 17 00:00:00 2001 From: Dileep Katta Date: Fri, 13 Feb 2015 14:33:42 +0800 Subject: fastboot: Correct fastboot_fail and fastboot_okay strings If the string is copied without NULL termination using strncpy(), then strncat() on the next line, may concatenate the string after some stale (or random) data, if the response string was not zero-initialized. Signed-off-by: Dileep Katta Reviewed-by: Steve Rae Reviewed-by: Lukasz Majewski diff --git a/common/fb_mmc.c b/common/fb_mmc.c index 513b7ab..75899e4 100644 --- a/common/fb_mmc.c +++ b/common/fb_mmc.c @@ -23,13 +23,13 @@ static char *response_str; void fastboot_fail(const char *s) { - strncpy(response_str, "FAIL", 4); + strncpy(response_str, "FAIL\0", 5); strncat(response_str, s, RESPONSE_LEN - 4 - 1); } void fastboot_okay(const char *s) { - strncpy(response_str, "OKAY", 4); + strncpy(response_str, "OKAY\0", 5); strncat(response_str, s, RESPONSE_LEN - 4 - 1); } -- cgit v0.10.2