hush shell: Avoid string write overflow when entering max cmd length console_buffer array is defined to be CONFIG_SYS_CBSIZE + 1 long, whereas the_command array only CONFIG_SYS_CBSIZE long. Subsequent use of strcpy(the_command, console_buffer) will write final \0 terminating byte outside the_command array when entering a command of max length. Signed-off-by: Kristian Otnes <kotnes <at> cisco <dot> com>

commit: 5c50a92bbea7e118ea4e4fb0945bf6707b010a80 [log] [tgz]
author: Kristian Otnes <kotnes@cisco.com> Fri Apr 25 15:35:43 2014 +0200
committer: Tom Rini <trini@ti.com> Mon May 12 15:20:05 2014 -0400
tree: 034a76d7fe3a7e183aba9ba9fd3c518e9fa21fef
parent: bf69d6642326cfecef440bb245946903454ff30e [diff]
diff --git a/common/hush.c b/common/hush.c
index df10267..5b43224 100644
--- a/common/hush.c
+++ b/common/hush.c

@@ -996,7 +996,7 @@
 	i->p = the_command;
 #else
 	int n;
-	static char the_command[CONFIG_SYS_CBSIZE];
+	static char the_command[CONFIG_SYS_CBSIZE + 1];
 
 #ifdef CONFIG_BOOT_RETRY_TIME
 #  ifndef CONFIG_RESET_TO_RETRY
commit	5c50a92bbea7e118ea4e4fb0945bf6707b010a80	[log] [tgz]
author	Kristian Otnes <kotnes@cisco.com>	Fri Apr 25 15:35:43 2014 +0200
committer	Tom Rini <trini@ti.com>	Mon May 12 15:20:05 2014 -0400
tree	034a76d7fe3a7e183aba9ba9fd3c518e9fa21fef
parent	bf69d6642326cfecef440bb245946903454ff30e [diff]