boot: pxe_utils: Fix potential initrd_filesize buffer overflow

ulong is 64 bits on 64-bit platforms. Hence, simple_xtoa can
produce up to 16 hex characters + NULL byte. The initrd_filesize
buffer is only 10 bytes which can cause a buffer overflow on
every PXE boot that loads an initrd on an address greater than
4GB.

Increase buffer size to 17 bytes to hold the maximum hex
representation of a 64-bit address.

Signed-off-by: Francois Berder <fberder@outlook.fr>
Reviewed-by: Jerome Forissier <jerome.forissier@arm.com>

diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
index 419ab1f1b0ef852265093d875dd6351ebea34b6c..8c1310dabeb71680079e8b66e2a8ef10db16be8f 100644 (file)
--- a/boot/pxe_utils.c
+++ b/boot/pxe_utils.c
@@ -546,7 +546,7 @@ static int label_boot(struct pxe_context *ctx, struct pxe_label *label)
        char *zboot_argv[] = { "zboot", NULL, "0", NULL, NULL };
        char *kernel_addr = NULL;
        char *initrd_addr_str = NULL;
-       char initrd_filesize[10];
+       char initrd_filesize[17];
        char initrd_str[28];
        char mac_str[29] = "";
        char ip_str[68] = "";