From 08871d84d06ac1c89b1bfc8e01538a34c4d91aea Mon Sep 17 00:00:00 2001 From: Thomas Jarosch Date: Sat, 29 Oct 2011 15:45:56 +0200 Subject: [PATCH] MIPS: Yosemite, Emma: Fix off-by-two in arcs_cmdline buffer size check Cause is a misplaced bracket. The code strlen(buf+1) will be two bytes less than strlen(buf)+1 The +1 is in this code to reserve space for an additional space character. [ralf@linux-mips.org: Thomas' original patch fixed the issue only for Yosemite but the same bug exists also in Emma.] Signed-off-by: Thomas Jarosch Patchwork: https://patchwork.linux-mips.org/patch/2861/ Signed-off-by: Ralf Baechle --- arch/mips/emma/common/prom.c | 2 +- arch/mips/pmc-sierra/yosemite/prom.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/mips/emma/common/prom.c b/arch/mips/emma/common/prom.c index 708f08761406..cae42259d6da 100644 --- a/arch/mips/emma/common/prom.c +++ b/arch/mips/emma/common/prom.c @@ -50,7 +50,7 @@ void __init prom_init(void) /* arg[0] is "g", the rest is boot parameters */ for (i = 1; i < argc; i++) { - if (strlen(arcs_cmdline) + strlen(arg[i] + 1) + if (strlen(arcs_cmdline) + strlen(arg[i]) + 1 >= sizeof(arcs_cmdline)) break; strcat(arcs_cmdline, arg[i]); diff --git a/arch/mips/pmc-sierra/yosemite/prom.c b/arch/mips/pmc-sierra/yosemite/prom.c index cf4c868715ac..dcc926e06fce 100644 --- a/arch/mips/pmc-sierra/yosemite/prom.c +++ b/arch/mips/pmc-sierra/yosemite/prom.c @@ -102,7 +102,7 @@ void __init prom_init(void) /* Get the boot parameters */ for (i = 1; i < argc; i++) { - if (strlen(arcs_cmdline) + strlen(arg[i] + 1) >= + if (strlen(arcs_cmdline) + strlen(arg[i]) + 1 >= sizeof(arcs_cmdline)) break; -- 2.39.5