From 0e62d76d16d19087c22c827480a0af52966b9cca Mon Sep 17 00:00:00 2001
From: Youness Alaoui <kakaroto@kakaroto.homelinux.net>
Date: Fri, 31 Mar 2017 16:21:50 -0400
Subject: [PATCH] UPSTREAM: util/intelmetool: Fix access to deleted data on
 stack

pci_me_interface_scan was returning (via argument 'name') a pointer
to the interface name which was stored in a stack variable.  This
caused part of the name to be printed as garbage stack data in some
situations if stack data was overwritten.

This moves the name buffer to the calling function so it can be accessed
before it gets overwritten.

BUG=none
BRANCH=none
TEST=none

Change-Id: If90d643cac4ab73e0c7910c12b8bc4694e872664
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: e0c53af470feae1d7d66dc4aa9d067402a468626
Original-Change-Id: I947a4c794ee37fe87e035593eaabcaf963b9875e
Original-Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
Original-Reviewed-on: https://review.coreboot.org/19066
Original-Tested-by: build bot (Jenkins)
Original-Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://chromium-review.googlesource.com/467106
---
 util/intelmetool/intelmetool.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/util/intelmetool/intelmetool.c b/util/intelmetool/intelmetool.c
index 45e8c8f7ba..c49c635ca5 100644
--- a/util/intelmetool/intelmetool.c
+++ b/util/intelmetool/intelmetool.c
@@ -106,7 +106,8 @@ static void dump_me_memory() {
 static int pci_platform_scan() {
 	struct pci_access *pacc;
 	struct pci_dev *dev;
-	char namebuf[1024], *name;
+	char namebuf[1024];
+	const char *name;
 
 	pacc = pci_alloc();
 	pacc->method = PCI_ACCESS_I386_TYPE1;
@@ -152,10 +153,9 @@ static int pci_platform_scan() {
 	return 0;
 }
 
-static struct pci_dev *pci_me_interface_scan(char **name) {
+static struct pci_dev *pci_me_interface_scan(const char **name, char *namebuf, int namebuf_size) {
 	struct pci_access *pacc;
 	struct pci_dev *dev;
-	char namebuf[1024];
 	int me = 0;
 
 	pacc = pci_alloc();
@@ -166,7 +166,7 @@ static struct pci_dev *pci_me_interface_scan(char **name) {
 
 	for (dev=pacc->devices; dev; dev=dev->next) {
 		pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES | PCI_FILL_SIZES | PCI_FILL_CLASS);
-		*name = pci_lookup_name(pacc, namebuf, sizeof(namebuf),
+		*name = pci_lookup_name(pacc, namebuf, namebuf_size,
 			PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id);
 		if (dev->vendor_id == 0x8086) {
 			if (PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) {
@@ -226,7 +226,8 @@ static int activate_me() {
 static void dump_me_info() {
 	struct pci_dev *dev;
 	uint32_t stat, stat2;
-	char *name;
+	char namebuf[1024];
+	const char *name;
 
 	if (pci_platform_scan()) {
 		exit(1);
@@ -236,7 +237,7 @@ static void dump_me_info() {
 		exit(1);
 	}
 
-	dev = pci_me_interface_scan(&name);
+	dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
 	if (!dev) {
 		exit(1);
 	}