To create the soc environment variable we concatenate two strings
on the stack. So far, strcat has been used for the first string as
well as for the second string. Since the variable on the stack is
not initialized, the first strcat may not start using the first
entry in the character array. This then could lead to an buffer
overflow on the stack.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
{
char soc[6];
- strcat(soc, "vf");
+ strcpy(soc, "vf");
strcat(soc, soc_type);
setenv("soc", soc);