commit 13f099ff1b755b738a9c8541c6646c7acbcb5d00
author Ed Tanous <etanous@nvidia.com> Wed Nov 20 11:10:30 2024 -0800
committer Ed Tanous <ed@tanous.net> Wed Nov 20 20:54:20 2024 -0800
tree 8704a8ffaa5ee7fc9ea3fc4b348ff309ed6f0e8b
parent c2558c64cff58f49495f70680ab7a2b79ec4e7c3

Fix timestamp buffer length overrun

Addresses the buffer overrun introduced by format changes.

Change-Id: I8341818747b43883a3d3b243e9a1fbc5bcc927cf
Signed-off-by: Andrew Adriance <aadriance@nvidia.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>

cper-utils.c

diff --git a/cper-utils.c b/cper-utils.c
index 7008020..1e259e8 100644
--- a/cper-utils.c
+++ b/cper-utils.c
@@ -240,15 +240,22 @@
 
 //Converts a single EFI timestamp to string, at the given output.
 //Output must be at least TIMESTAMP_LENGTH bytes long.
-void timestamp_to_string(char *out, EFI_ERROR_TIME_STAMP *timestamp)
+void timestamp_to_string(char *out, int out_len,
+			 EFI_ERROR_TIME_STAMP *timestamp)
 {
-	sprintf(out, "%02hhu%02hhu-%02hhu-%02hhuT%02hhu:%02hhu:%02hhu+00:00",
+	int written = snprintf(
+		out, out_len,
+		"%02hhu%02hhu-%02hhu-%02hhuT%02hhu:%02hhu:%02hhu+00:00",
 		bcd_to_int(timestamp->Century) %
 			100,			   //Cannot go to three digits.
 		bcd_to_int(timestamp->Year) % 100, //Cannot go to three digits.
 		bcd_to_int(timestamp->Month), bcd_to_int(timestamp->Day),
 		bcd_to_int(timestamp->Hours), bcd_to_int(timestamp->Minutes),
 		bcd_to_int(timestamp->Seconds));
+
+	if (written < 0 || written >= out_len) {
+		printf("Timestamp buffer of insufficient size\n");
+	}
 }
 
 //Converts a single timestamp string to an EFI timestamp.