From: Glenn Washburn <development@efficientek.com>
Date: Fri, 14 Jul 2023 20:33:19 +0000 (-0500)
Subject: term/serial: Ensure proper NULL termination after grub_strncpy()
X-Git-Tag: grub-2.12~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7a663c007dcaf97223112660bad51ef6c0ca09e;p=thirdparty%2Fgrub.git

term/serial: Ensure proper NULL termination after grub_strncpy()

A large enough argument to the --port option could cause a string buffer
to be not NULL terminated because grub_strncpy() does not guarantee NULL
termination if copied string is longer than max characters to copy.

Fixes: 712309eaae04 (term/serial: Use grub_strncpy() instead of grub_snprintf() when only copying string)

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---

diff --git a/grub-core/term/serial.c b/grub-core/term/serial.c
index 869555430..8260dcb7a 100644
--- a/grub-core/term/serial.c
+++ b/grub-core/term/serial.c
@@ -257,7 +257,10 @@ grub_cmd_serial (grub_extcmd_context_t ctxt, int argc, char **args)
     {
       if (grub_strncmp (state[OPTION_PORT].arg, "mmio,", sizeof ("mmio,") - 1) == 0 ||
 	  grub_strncmp (state[OPTION_PORT].arg, "pci,", sizeof ("pci,") - 1) == 0)
-	grub_strncpy (pname, state[1].arg, sizeof (pname));
+	{
+	  grub_strncpy (pname, state[1].arg, sizeof (pname));
+	  pname[sizeof (pname) - 1] = '\0';
+	}
       else
 	grub_snprintf (pname, sizeof (pname), "port%lx",
 		       grub_strtoul (state[1].arg, 0, 0));