Use bounded string functions.
The bounds add a bit of safety in avoiding memory bugs and there are
sensible bounds in the cases we have been using them.
Change-Id: I381e122f356a54e5c0f1e183e521169522bc8aa9
diff --git a/inc/hf/arch/std.h b/inc/hf/arch/std.h
index 8e9c2ed..45fd441 100644
--- a/inc/hf/arch/std.h
+++ b/inc/hf/arch/std.h
@@ -23,7 +23,7 @@
int memcmp(const void *a, const void *b, size_t n);
-int strcmp(const char *a, const char *b);
+int strncmp(const char *a, const char *b, size_t n);
#define ctz(x) __builtin_ctz(x)
diff --git a/src/arch/aarch64/std.c b/src/arch/aarch64/std.c
index c7f109d..53f70e2 100644
--- a/src/arch/aarch64/std.c
+++ b/src/arch/aarch64/std.c
@@ -87,18 +87,19 @@
return 0;
}
-int strcmp(const char *a, const char *b)
+int strncmp(const char *a, const char *b, size_t n)
{
- const char *x = a;
- const char *y = b;
+ char x = 0;
+ char y = 0;
- while (*x != 0 && *y != 0) {
- if (*x != *y) {
- return *x - *y;
+ while (n > 0) {
+ x = *a++;
+ y = *b++;
+ if (x == 0 || x != y) {
+ break;
}
- x++;
- y++;
+ --n;
}
- return *x - *y;
+ return x - y;
}
diff --git a/src/cpio.c b/src/cpio.c
index 58626ec..6cf8757 100644
--- a/src/cpio.c
+++ b/src/cpio.c
@@ -44,6 +44,7 @@
static bool cpio_next(struct memiter *iter, const char **name,
const void **contents, size_t *size)
{
+ static const char trailer[] = "TRAILER!!!";
size_t len;
struct memiter lit = *iter;
const struct cpio_header *h = (const struct cpio_header *)lit.next;
@@ -71,7 +72,7 @@
/* TODO: Check that string is null-terminated. */
/* Stop enumerating files when we hit the end marker. */
- if (!strcmp(*name, "TRAILER!!!")) {
+ if (!strncmp(*name, trailer, sizeof(trailer))) {
return false;
}
@@ -94,7 +95,7 @@
struct memiter iter = *cpio;
while (cpio_next(&iter, &fname, &fcontents, &fsize)) {
- if (!strcmp(fname, string_data(name))) {
+ if (!strncmp(fname, string_data(name), STRING_MAX_SIZE)) {
memiter_init(it, fcontents, fsize);
return true;
}
diff --git a/src/fdt.c b/src/fdt.c
index d12faf2..752e9d8 100644
--- a/src/fdt.c
+++ b/src/fdt.c
@@ -58,6 +58,8 @@
#define FDT_VERSION 17
#define FDT_MAGIC 0xd00dfeed
+#define FDT_PROPERTY_NAME_MAX_SIZE 32
+
#define FDT_TOKEN_ALIGNMENT sizeof(uint32_t)
static void fdt_tokenizer_init(struct fdt_tokenizer *t, const char *strs,
@@ -272,7 +274,7 @@
fdt_tokenizer_init(&t, node->strs, node->begin, node->end);
while (fdt_next_property(&t, &prop_name, buf, size)) {
- if (!strcmp(prop_name, name)) {
+ if (!strncmp(prop_name, name, FDT_PROPERTY_NAME_MAX_SIZE)) {
return true;
}
}
@@ -363,7 +365,7 @@
fdt_skip_properties(&t);
while (fdt_next_subnode(&t, &name)) {
- if (!strcmp(name, child)) {
+ if (!strncmp(name, child, FDT_PROPERTY_NAME_MAX_SIZE)) {
node->begin = t.cur;
return true;
}
diff --git a/test/arch/dlog_test.c b/test/arch/dlog_test.c
index f31ba26..079f8af 100644
--- a/test/arch/dlog_test.c
+++ b/test/arch/dlog_test.c
@@ -26,7 +26,7 @@
const char test_string[] = "Test string\n";
dlog(test_string);
- ASSERT_EQ(strcmp(test_string, dlog_buffer), 0);
+ ASSERT_EQ(strncmp(test_string, dlog_buffer, sizeof(test_string)), 0);
/* The \0 at the end shouldn't be counted. */
ASSERT_EQ(dlog_buffer_offset, sizeof(test_string) - 1);
for (int i = sizeof(test_string) - 1; i < DLOG_BUFFER_SIZE; ++i) {
diff --git a/test/hftest/linux_main.c b/test/hftest/linux_main.c
index 2ebe91b..0232665 100644
--- a/test/hftest/linux_main.c
+++ b/test/hftest/linux_main.c
@@ -29,6 +29,8 @@
void test_main(int argc, const char *argv[])
{
+ static const char json_command[] = "json";
+ static const char run_command[] = "run";
const char *command;
if (argc < 2) {
@@ -39,12 +41,12 @@
hftest_use_registered_list();
- if (strcmp(command, "json") == 0) {
+ if (strncmp(command, json_command, sizeof(json_command)) == 0) {
hftest_json();
return;
}
- if (strcmp(command, "run") == 0) {
+ if (strncmp(command, run_command, sizeof(run_command)) == 0) {
struct memiter suite_name;
struct memiter test_name;
diff --git a/test/linux/linux.c b/test/linux/linux.c
index d98d412..59e3ab9 100644
--- a/test/linux/linux.c
+++ b/test/linux/linux.c
@@ -78,7 +78,7 @@
int socket_id;
struct hf_sockaddr addr;
const char send_buf[] = "The quick brown fox jumps over the lazy dogs.";
- size_t send_len = strlen(send_buf);
+ size_t send_len = sizeof(send_buf);
char resp_buf[MAX_BUF_SIZE];
ssize_t recv_len;