[PATCH v2] password: Fix warning with empty default password

[PATCH v2] password: Fix warning with empty default password

[David Dgien]

When CONFIG_PASSWORD_DEFAULT is unset, the default_passwd buffer is set
to the empty string. The read_default_passwd() function wants to read at
least two characters from that buffer, causing GCC to generate an array
bounds warning:

barebox/common/password.c: In function 'login':
barebox/common/password.c:173:5: warning: array subscript [1, 2147483647] is outside array bounds of 'const char[1]' [-Warray-bounds]
In file included from barebox/common/password.c:30:
include/generated/passwd.h:1:19: note: while referencing 'default_passwd'

Add an ARRAY_SIZE check to default_passwd so that the loop is optimized
away and the warning is no longer generated. Since the
read_default_passwd() function is only called when default_passwd is not
the empty string, this is not a functional change.

Signed-off-by: David Dgien <dgienda125@gmail.com>
---
Changes since v1:
  - Added warning output to commit message
  - Rework fix in read_default_passwd() instead of hacking with the makefile

 common/password.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/common/password.c b/common/password.c
index a2a9c4cd6..3a0547b9a 100644
--- a/common/password.c
+++ b/common/password.c
@@ -161,6 +161,9 @@ static int read_default_passwd(unsigned char *sum, size_t length)
 	unsigned char *buf = (unsigned char *)default_passwd;
 	unsigned char c;
 
+	if (ARRAY_SIZE(default_passwd) == 1)
+		return -ENOSYS;
+
 	if (!sum || length < 1)
 		return -EINVAL;
 
-- 
2.26.2


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH v2] password: Fix warning with empty default password

[Sascha Hauer]

On Fri, May 22, 2020 at 08:51:56PM -0400, David Dgien wrote:
> When CONFIG_PASSWORD_DEFAULT is unset, the default_passwd buffer is set
> to the empty string. The read_default_passwd() function wants to read at
> least two characters from that buffer, causing GCC to generate an array
> bounds warning:
> 
> barebox/common/password.c: In function 'login':
> barebox/common/password.c:173:5: warning: array subscript [1, 2147483647] is outside array bounds of 'const char[1]' [-Warray-bounds]
> In file included from barebox/common/password.c:30:
> include/generated/passwd.h:1:19: note: while referencing 'default_passwd'
> 
> Add an ARRAY_SIZE check to default_passwd so that the loop is optimized
> away and the warning is no longer generated. Since the
> read_default_passwd() function is only called when default_passwd is not
> the empty string, this is not a functional change.
> 
> Signed-off-by: David Dgien <dgienda125@gmail.com>
> ---
> Changes since v1:
>   - Added warning output to commit message
>   - Rework fix in read_default_passwd() instead of hacking with the makefile
> 
>  common/password.c | 3 +++
>  1 file changed, 3 insertions(+)

Applied, thanks

Sascha


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox