From d5720079d5d1013024a20e8f4c93b2331cecbd59 Mon Sep 17 00:00:00 2001
From: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Date: Mon, 3 Jul 2023 06:10:44 +0000
Subject: [PATCH] dm: passthrough: check romfile path length in command

This patch checks the romfile path length in command line to avoid
possible buffer overflow, maximum path supported is 255 characters.

Tracked-On: #8439
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Jian Jun Chen <jian.jun.chen@intel.com>
---
 devicemodel/hw/pci/passthrough.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/devicemodel/hw/pci/passthrough.c b/devicemodel/hw/pci/passthrough.c
index 5cc652b2d..ec638d436 100644
--- a/devicemodel/hw/pci/passthrough.c
+++ b/devicemodel/hw/pci/passthrough.c
@@ -744,7 +744,11 @@ passthru_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
 		} else if (!strncmp(opt, "romfile=", 8)) {
 			need_rombar = true;
 			opt += 8;
-			strcpy(rom_file, opt);
+			if (strnlen(opt, PATH_MAX) >= sizeof(rom_file)) {
+				pr_err("romfile path too long, max supported path length is 255");
+				return -EINVAL;
+			}
+			strncpy(rom_file, opt, sizeof(rom_file));
 		} else
 			pr_warn("Invalid passthru options:%s", opt);
 	}