usb: gadget: validate NULL string before strncpy()

The variable "s" is passed as NULL (i.e. 0) when g_dnl_set_serialnumber()
is called from hdelete_r() originally.

The memory 0~1M is secure for ATF on rockchip arm64 platforms,
so the strncpy() accesses address 0 and causes a data-abort.

This issue occurs on deleting env "serial#".

Change-Id: Idbf76d26809ab8b195ff4f8193e2eeac99692289
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Joseph Chen 2019-11-20 11:28:13 +08:00
parent 6de0075c5d
commit f61a2da6e8
1 changed files with 2 additions and 1 deletions

@ -51,7 +51,8 @@ static const char manufacturer[] = CONFIG_G_DNL_MANUFACTURER;
void g_dnl_set_serialnumber(char *s)
{
memset(g_dnl_serial, 0, MAX_STRING_SERIAL);
strncpy(g_dnl_serial, s, MAX_STRING_SERIAL - 1);
if (s)
strncpy(g_dnl_serial, s, MAX_STRING_SERIAL - 1);
}
static struct usb_device_descriptor device_desc = {
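
Review bot: In g_dnl_set_serialnumber(), the new `if (s)` guard means a NULL argument now silently leaves g_dnl_serial as an empty string, because the memset() above the check still runs, and nothing in the function says this is the intended result of deleting "serial#". Add a one-line comment above the check stating that NULL means "clear the serial number", so a later cleanup does not move the memset() under the guard or drop the check. Since s is only read here, the parameter could also be declared `const char *s`.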