summaryrefslogtreecommitdiff
path: root/util
diff options
context:
space:
mode:
authorYouness Alaoui <kakaroto@kakaroto.homelinux.net>2017-03-31 16:21:50 -0400
committerNico Huber <nico.h@gmx.de>2017-04-04 00:22:29 +0200
commite0c53af470feae1d7d66dc4aa9d067402a468626 (patch)
tree8787238682c7043aee7b212a2bddf62847a1f46f /util
parentfa420b49c5cbce160cfb4f46fc3542589a800a43 (diff)
downloadcoreboot-e0c53af470feae1d7d66dc4aa9d067402a468626.tar.xz
util/intelmetool: Fix access to deleted data on stack
pci_me_interface_scan was returning (via argument 'name') a pointer to the interface name which was stored in a stack variable. This caused part of the name to be printed as garbage stack data in some situations if stack data was overwritten. This moves the name buffer to the calling function so it can be accessed before it gets overwritten. Change-Id: I947a4c794ee37fe87e035593eaabcaf963b9875e Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm> Reviewed-on: https://review.coreboot.org/19066 Tested-by: build bot (Jenkins) Reviewed-by: Nico Huber <nico.h@gmx.de>
Diffstat (limited to 'util')
-rw-r--r--util/intelmetool/intelmetool.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/util/intelmetool/intelmetool.c b/util/intelmetool/intelmetool.c
index 45e8c8f7ba..c49c635ca5 100644
--- a/util/intelmetool/intelmetool.c
+++ b/util/intelmetool/intelmetool.c
@@ -106,7 +106,8 @@ static void dump_me_memory() {
static int pci_platform_scan() {
struct pci_access *pacc;
struct pci_dev *dev;
- char namebuf[1024], *name;
+ char namebuf[1024];
+ const char *name;
pacc = pci_alloc();
pacc->method = PCI_ACCESS_I386_TYPE1;
@@ -152,10 +153,9 @@ static int pci_platform_scan() {
return 0;
}
-static struct pci_dev *pci_me_interface_scan(char **name) {
+static struct pci_dev *pci_me_interface_scan(const char **name, char *namebuf, int namebuf_size) {
struct pci_access *pacc;
struct pci_dev *dev;
- char namebuf[1024];
int me = 0;
pacc = pci_alloc();
@@ -166,7 +166,7 @@ static struct pci_dev *pci_me_interface_scan(char **name) {
for (dev=pacc->devices; dev; dev=dev->next) {
pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES | PCI_FILL_SIZES | PCI_FILL_CLASS);
- *name = pci_lookup_name(pacc, namebuf, sizeof(namebuf),
+ *name = pci_lookup_name(pacc, namebuf, namebuf_size,
PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id);
if (dev->vendor_id == 0x8086) {
if (PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) {
@@ -226,7 +226,8 @@ static int activate_me() {
static void dump_me_info() {
struct pci_dev *dev;
uint32_t stat, stat2;
- char *name;
+ char namebuf[1024];
+ const char *name;
if (pci_platform_scan()) {
exit(1);
@@ -236,7 +237,7 @@ static void dump_me_info() {
exit(1);
}
- dev = pci_me_interface_scan(&name);
+ dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
if (!dev) {
exit(1);
}