libpldm: bios_table: Fix a possible overflow
pldm_bios_table_string_entry_decode_string appends \0
at the end of the string, which could exceed the buffer size.
Signed-off-by: John Wang <wangzqbj@inspur.com>
Change-Id: I43f67e1b7631e9f6043b75846baf123adf1f7fe1
diff --git a/libpldmresponder/bios.cpp b/libpldmresponder/bios.cpp
index 3f0d4ec..b0b12d8 100644
--- a/libpldmresponder/bios.cpp
+++ b/libpldmresponder/bios.cpp
@@ -331,19 +331,20 @@
BIOSStringTable.load(table);
auto stringEntry = pldm_bios_table_string_find_by_handle(
table.data(), table.size(), stringHdl);
- std::string name;
if (stringEntry == nullptr)
{
std::cerr << "Reached end of BIOS string table,did not find "
<< "string name for handle, STRING_HANDLE=" << stringHdl
<< "\n";
+ throw InternalFailure();
}
auto strLength =
pldm_bios_table_string_entry_decode_string_length(stringEntry);
- name.resize(strLength);
- pldm_bios_table_string_entry_decode_string(stringEntry, name.data(),
- name.size());
- return name;
+ std::vector<char> buffer(strLength + 1);
+ pldm_bios_table_string_entry_decode_string(stringEntry, buffer.data(),
+ buffer.size());
+
+ return std::string(buffer.data(), buffer.data() + strLength);
}
namespace bios_type_enum
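Review bot: The `strLength + 1` sizing of the new `std::vector<char> buffer` is the entire fix, but nothing at the call site records why the extra byte is needed, so a later cleanup could fold it back into a `resize(strLength)` and reintroduce the one-byte overflow. A comment above the allocation would pin it, for example `// decode_string writes a trailing '\0', so the buffer must hold strLength + 1 bytes`. The length itself is read from the table entry, and whether `pldm_bios_table_string_find_by_handle` verifies that the entry's string lies within `table.size()` is not visible here, so that is worth confirming in libpldm for tables that may be malformed. The enclosing function begins outside the hunk.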