diff options
author | Youness Alaoui <kakaroto@kakaroto.homelinux.net> | 2017-03-31 16:21:50 -0400 |
---|---|---|
committer | Nico Huber <nico.h@gmx.de> | 2017-04-04 00:22:29 +0200 |
commit | e0c53af470feae1d7d66dc4aa9d067402a468626 (patch) | |
tree | 8787238682c7043aee7b212a2bddf62847a1f46f | |
parent | fa420b49c5cbce160cfb4f46fc3542589a800a43 (diff) | |
download | coreboot-e0c53af470feae1d7d66dc4aa9d067402a468626.tar.xz |
util/intelmetool: Fix access to deleted data on stack
pci_me_interface_scan was returning (via argument 'name') a pointer
to the interface name which was stored in a stack variable. This
caused part of the name to be printed as garbage stack data in some
situations if stack data was overwritten.
This moves the name buffer to the calling function so it can be accessed
before it gets overwritten.
Change-Id: I947a4c794ee37fe87e035593eaabcaf963b9875e
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
Reviewed-on: https://review.coreboot.org/19066
Tested-by: build bot (Jenkins)
Reviewed-by: Nico Huber <nico.h@gmx.de>
-rw-r--r-- | util/intelmetool/intelmetool.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/util/intelmetool/intelmetool.c b/util/intelmetool/intelmetool.c index 45e8c8f7ba..c49c635ca5 100644 --- a/util/intelmetool/intelmetool.c +++ b/util/intelmetool/intelmetool.c @@ -106,7 +106,8 @@ static void dump_me_memory() { static int pci_platform_scan() { struct pci_access *pacc; struct pci_dev *dev; - char namebuf[1024], *name; + char namebuf[1024]; + const char *name; pacc = pci_alloc(); pacc->method = PCI_ACCESS_I386_TYPE1; @@ -152,10 +153,9 @@ static int pci_platform_scan() { return 0; } -static struct pci_dev *pci_me_interface_scan(char **name) { +static struct pci_dev *pci_me_interface_scan(const char **name, char *namebuf, int namebuf_size) { struct pci_access *pacc; struct pci_dev *dev; - char namebuf[1024]; int me = 0; pacc = pci_alloc(); @@ -166,7 +166,7 @@ static struct pci_dev *pci_me_interface_scan(char **name) { for (dev=pacc->devices; dev; dev=dev->next) { pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES | PCI_FILL_SIZES | PCI_FILL_CLASS); - *name = pci_lookup_name(pacc, namebuf, sizeof(namebuf), + *name = pci_lookup_name(pacc, namebuf, namebuf_size, PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id); if (dev->vendor_id == 0x8086) { if (PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) { @@ -226,7 +226,8 @@ static int activate_me() { static void dump_me_info() { struct pci_dev *dev; uint32_t stat, stat2; - char *name; + char namebuf[1024]; + const char *name; if (pci_platform_scan()) { exit(1); @@ -236,7 +237,7 @@ static void dump_me_info() { exit(1); } - dev = pci_me_interface_scan(&name); + dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf)); if (!dev) { exit(1); } |