From: Ian Campbell
To: Joe Hershberger, Tom Rini
Cc: Ian Campbell
Date: Fri, 3 Oct 2014 14:29:01 +0100
Subject: [U-Boot] [PATCH for-v2014.10?] pxe: Ensure we don't overflow bootargs
Message-ID: <1412342941-32498-1-git-send-email-ijc@hellion.org.uk>
X-Patchwork-Submitter: Ian Campbell
X-Patchwork-Id: 38315
X-BeenThere: u-boot@lists.denx.de

From: Ian Campbell On a couple of platforms I've tripped over long PXE append lines overflowing this array, due to having CONFIG_SYS_CBSIZE == 256. When doing preseeded Debian installs it's pretty trivial to exceed that. Since the symptom can be a silent hang or a crash add a check. Of course the affected boards would also need an increased CBSIZE to actually work. Note that due to the printing of the final bootargs string CONFIG_SYS_PBSIZE also needs to be sufficiently large. Signed-off-by: Ian Campbell --- I think this is v2014.10 material? --- common/cmd_pxe.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/common/cmd_pxe.c b/common/cmd_pxe.c index 0ab1e0a..e63a031 100644 --- a/common/cmd_pxe.c +++ b/common/cmd_pxe.c @@ -674,6 +674,15 @@ static int label_boot(cmd_tbl_t *cmdtp, struct pxe_label *label) char bootargs[CONFIG_SYS_CBSIZE] = ""; char finalbootargs[CONFIG_SYS_CBSIZE]; + if (strlen(label->append ?: "") + + strlen(ip_str) + strlen(mac_str) + 1 > sizeof(bootargs)) { + printf("bootarg overflow %d+%d+%d+1 > %zd\n", + strlen(label->append ?: ""), + strlen(ip_str), strlen(mac_str), + sizeof(bootargs)); + return 1; + } + if (label->append) strcpy(bootargs, label->append); strcat(bootargs, ip_str);
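
Review bot: the printf() in the new check in label_boot() passes three strlen() results, which are size_t, to %d conversions, and prints sizeof(bootargs) with the signed %zd. On a build where size_t is wider than int the arguments no longer match the format string, so the diagnostic meant to explain the refusal can print wrong numbers. Use %zu for all four values. Computing the three lengths once into size_t locals would also avoid evaluating each strlen() twice and keep the condition and the message in step. The length test itself, including the +1 for the terminating NUL, is consistent with the strcpy() of label->append and the strcat() of ip_str visible below it, but it bounds only bootargs: finalbootargs is declared with the same CONFIG_SYS_CBSIZE on the context line above and the code that fills it is outside this hunk, so it is worth confirming that path is bounded as well. A short comment above the check recording that it must stay in step with the strcpy()/strcat() sequence would help, since those calls remain unbounded and this test is their only guard.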