From 3babfbc970b8ab6b5d77d4588be9093f6c13abb7 Mon Sep 17 00:00:00 2001
From: Wudi
Date: Mon, 30 Dec 2019 15:11:51 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E4=BA=86=20find=5Fenv=5F?= =?UTF-8?q?cb()=20=E5=87=BD=E6=95=B0=E4=B8=AD=E7=9A=84=E4=B8=80=E5=A4=84?= =?UTF-8?q?=E5=88=A4=E6=96=AD=20key=20=E6=98=AF=E5=90=A6=E7=9B=B8=E7=AD=89?= =?UTF-8?q?=E9=94=99=E8=AF=AF=E7=9A=84=20bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

当 env->name 中 env->name_len 长度后含有垃圾数据时,由于调用的是字符串比较函数,且指定的 max_len 错误, 该 bug 会导致超出 env->name_len 长度但在 strlen(key) 长度内的垃圾数据也会参与比较,如果相等则认为找到了需要查找的 key. 实际需要避免这些垃圾数据影响实际 key 值的比较。
---
 easyflash/src/ef_env.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/easyflash/src/ef_env.c b/easyflash/src/ef_env.c
index ce78d2f..8877895 100644
--- a/easyflash/src/ef_env.c
+++ b/easyflash/src/ef_env.c
@@ -713,6 +713,10 @@ static bool find_env_cb(env_node_obj_t env, void *arg1, void *arg2)
 bool *find_ok = arg2;
 uint8_t max_len = strlen(key);

+ if (max_len != env->name_len) {
+ return false;
+ }
+
 if (max_len < env->name_len) {
 max_len = env->name_len;
 }
From 12f8f0864c8e7086c4df9165413f714d600cbc8c Mon Sep 17 00:00:00 2001
From: Wudi
Date: Mon, 30 Dec 2019 21:25:15 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E5=8E=BB=E9=99=A4=E4=BA=86=20find=5Fenv=5F?= =?UTF-8?q?cb()=20=E4=B8=AD=E4=BF=AE=E6=AD=A3=20bug=20=E5=90=8E=E9=81=97?= =?UTF-8?q?=E7=95=99=E7=9A=84=E6=97=A0=E7=94=A8=E4=BB=A3=E7=A0=81=EF=BC=8C?= =?UTF-8?q?=E5=90=8C=E6=97=B6=E4=BF=AE=E6=94=B9=E4=BA=86=20max=5Flen=20?= =?UTF-8?q?=E7=9A=84=E5=8F=98=E9=87=8F=E5=90=8D=E5=92=8C=E7=B1=BB=E5=9E=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 easyflash/src/ef_env.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/easyflash/src/ef_env.c b/easyflash/src/ef_env.c
index 8877895..c5b2a73 100644
--- a/easyflash/src/ef_env.c
+++ b/easyflash/src/ef_env.c
@@ -711,17 +711,13 @@ static bool find_env_cb(env_node_obj_t env, void *arg1, void *arg2)
 {
 const char *key = arg1;
 bool *find_ok = arg2;
- uint8_t max_len = strlen(key);
+ size_t key_len = strlen(key);

- if (max_len != env->name_len) {
+ if (key_len != env->name_len) {
 return false;
 }
-
- if (max_len < env->name_len) {
- max_len = env->name_len;
- }
 /* check ENV */
- if (env->crc_is_ok && env->status == ENV_WRITE && !strncmp(env->name, key, max_len)) {
+ if (env->crc_is_ok && env->status == ENV_WRITE && !strncmp(env->name, key, key_len)) {
 *find_ok = true;
 return true;
 }
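Review bot: The early return on `key_len != env->name_len` is the only thing keeping stale bytes after `name_len` out of the comparison, yet the new code carries no comment saying so, and a later cleanup could fold it back into the `strncmp` bound. I would add a comment above the check, for example `/* bytes in env->name past name_len may be stale, so the lengths must match before comparing */`. Since both lengths are known to be equal at that point, `!memcmp(env->name, key, key_len)` states the fixed-length compare more directly than `strncmp`; the match result should be the same, because `key` has no NUL inside `key_len`. The check also reads `env->name_len` before `env->crc_is_ok` is tested, which looks harmless because a mismatch only returns false, but is worth confirming as intended. The body of `find_env_cb` continues past the end of the hunk.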