hush shell: Avoid string write overflow when entering max cmd length

console_buffer array is defined to be CONFIG_SYS_CBSIZE + 1 long, whereas the_command array only CONFIG_SYS_CBSIZE long. Subsequent use of strcpy(the_command, console_buffer) will write final \0 terminating byte outside the_command array when entering a command of max length. Signed-off-by: Kristian Otnes <kotnes <at> cisco <dot> com>
10 years ago · 5c50a92bbe
parent bf69d66423
commit 5c50a92bbe
1 changed files with 1 additions and 1 deletions
--- a/common/hush.c
+++ b/common/hush.c
@ -996,7 +996,7 @@ static void get_user_input(struct in_str *i)
 	i->p = the_command;
 #else
 	int n;
-	static char the_command[CONFIG_SYS_CBSIZE];
+	static char the_command[CONFIG_SYS_CBSIZE + 1];

 #ifdef CONFIG_BOOT_RETRY_TIME
 #  ifndef CONFIG_RESET_TO_RETRY