autoboot: fix illegal memory access when stop key and delay key are empty

If both stop key and delay key are empty, the length of these keys is 0. The subtraction operation will cause the u_int type variable to overflow, will cause illegal memory access in key input loop. This commit fixes this bug by using int type instead of u_init. Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
author: Yuezhang.Mo@sony.com <Yuezhang.Mo@sony.com> 2021-01-15 03:11:49 +0000
committer: Tom Rini <trini@konsulko.com> 2021-01-27 17:07:48 -0500
commit: e088f0c3d87005bd2bdf11d571e20f6232cc021f (patch)
tree: b7f1b41c94c9c635682786cee5c5a1c9cd9e2d8d
parent: 1e35a4d2282329093ae384bfbb8df844e23798c6 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/common/autoboot.c b/common/autoboot.c
index ddb6246be3..b025fd99a0 100644
--- a/common/autoboot.c
+++ b/common/autoboot.c
@@ -164,9 +164,9 @@ static int passwd_abort_key(uint64_t etime)
 	};
 
 	char presskey[MAX_DELAY_STOP_STR];
-	u_int presskey_len = 0;
-	u_int presskey_max = 0;
-	u_int i;
+	int presskey_len = 0;
+	int presskey_max = 0;
+	int i;
 
 #  ifdef CONFIG_AUTOBOOT_DELAY_STR
 	if (delaykey[0].str == NULL)
author	Yuezhang.Mo@sony.com <Yuezhang.Mo@sony.com>	2021-01-15 03:11:49 +0000
committer	Tom Rini <trini@konsulko.com>	2021-01-27 17:07:48 -0500
commit	e088f0c3d87005bd2bdf11d571e20f6232cc021f (patch)
tree	b7f1b41c94c9c635682786cee5c5a1c9cd9e2d8d
parent	1e35a4d2282329093ae384bfbb8df844e23798c6 (diff)