getenv_f(): fix handling of too short buffers
Fix error handling in getenv_f() when the user provided buffer is too
short to hold the variable name; make sure to truncate and
NUL-terminate without overwriting the buffer limits.
Signed-off-by: Wolfgang Denk <wd@denx.de>
diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c
index 16d5ff7..fd5320d 100644
--- a/common/cmd_nvedit.c
+++ b/common/cmd_nvedit.c
@@ -557,13 +557,19 @@
}
if ((val=envmatch((uchar *)name, i)) < 0)
continue;
+
/* found; copy out */
- n = 0;
- while ((len > n++) && (*buf++ = env_get_char(val++)) != '\0')
- ;
- if (len == n)
- *buf = '\0';
- return (n);
+ for (n=0; n<len; ++n, ++buf) {
+ if ((*buf = env_get_char(val++)) == '\0')
+ return n;
+ }
+
+ if (n)
+ *--buf = '\0';
+
+ printf("env_buf too small [%d]\n", len);
+
+ return n;
}
return (-1);
}