From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jaehoon Chung <jh80.chung@samsung.com>
Date: Mon, 16 Nov 2020 12:06:27 +0900
Subject: [PATCH] env: mmc: Correct partition comparison in
 mmc_offset_try_partition
In-Reply-To: <10671.1605211310@gemini.denx.de>
References: <CGME20201110211937epcas1p4e9a17e37a7362b2453fc9b14706d3b17@epcas1p4.samsung.com>
 <20201110142837.2987-1-jigi.kim@gmail.com>
 <21adc771-9660-da52-65c8-c2029de9a29e@samsung.com>
 <10671.1605211310@gemini.denx.de>
Message-ID: <82682a40-8061-1608-12c5-a0d6ad378b77@samsung.com>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Dear Wolfgang,

On 11/13/20 5:01 AM, Wolfgang Denk wrote:
> Dear Jaehoon Chung,
> 
> In message <21adc771-9660-da52-65c8-c2029de9a29e@samsung.com> you wrote:
>> On 11/10/20 11:28 PM, Hoyeonjiki Kim wrote:
>>> The function mmc_offset_try_partition searches MMC partition to save the
>>> environment data by name.  However, it only compares the first word-size
>>> bytes (size of 'const char *'), which may make the function to find
>>> unintended partition.
>>>
>>> Correct the function not to partially compare the partition name with
>>> config "u-boot,,mmc-env-partition".
>>>
>>> Signed-off-by: Hoyeonjiki Kim <jigi.kim@gmail.com>
>>> ---
>>>  env/mmc.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/env/mmc.c b/env/mmc.c
>>> index 4e67180b23..505f7aa2b8 100644
>>> --- a/env/mmc.c
>>> +++ b/env/mmc.c
>>> @@ -42,7 +42,7 @@ static inline int mmc_offset_try_partition(const char *str, int copy, s64 *val)
>>>  		if (ret < 0)
>>>  			return ret;
>>>  
>>> -		if (!strncmp((const char *)info.name, str, sizeof(str)))
>>> +		if (!strcmp((const char *)info.name, str))
>>
>> Using "strlen(str)" is better than changing to strcmp.
>>
>> strncmp(..., ..., strlen(str))
> 
> Is either of this a good idea? I mean, if you pass in random data,
> this will run forever and eventually create undefined behaviour. We
> know the maximum size, so why not limit it to that, as strncmp() did?

Actually, i don' want to use strcmp. 
If my remember is correct, strcmp is already reported about having security hole.
I had commented one example for using to check length.
But i agreed it's not good idea. Thanks for pointing out!

Best Regards,
Jaehoon Chung

> 
> Best regards,
> 
> Wolfgang Denk
>