DM: Fix potential buffer overflow and uninitialized variable

- @'rpmb_check_frame()', avoid buffer overflow access when calling 'memcmp()' Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
2025-09-13 04:50:07 +00:00 · 2018-07-12 18:07:00 +08:00
parent 194fd8ba1e
commit 83361018b5
2 changed files with 7 additions and 2 deletions
--- a/devicemodel/hw/platform/rpmb/rpmb_backend.c
+++ b/devicemodel/hw/platform/rpmb/rpmb_backend.c
@@ -180,6 +180,7 @@ static int rpmb_check_frame(const char *cmd_str, int *err,
 {
 	uint32_t i;
 	uint8_t mac[32];
+	size_t len;

 	for (i = 0; i < frame_cnt; i++) {
 		if (write_counter && *write_counter != swap32(frames[i].write_counter)) {
@@ -203,7 +204,11 @@ static int rpmb_check_frame(const char *cmd_str, int *err,
 		return -1;
 	}

-	if (addr && !memcmp(cmd_str, WRITE_DATA_STR, sizeof(WRITE_DATA_STR))) {
+	len = strlen(cmd_str) + 1;
+	if (len > sizeof(WRITE_DATA_STR))
+		len = sizeof(WRITE_DATA_STR);
+
+	if (addr && !memcmp(cmd_str, WRITE_DATA_STR, len)) {
 		if (*addr < get_common_blocks()) {
 			*err = RPMB_RES_WRITE_FAILURE;
 			DPRINTF(("%s: Common block is read only\n", cmd_str));