From 452b689a0e0a9a24ad6aa080e9f98836d1c3c1d5 Mon Sep 17 00:00:00 2001
From: Shrikant Temburwar <shrikant.temburwar@intel.com>
Date: Tue, 21 Nov 2023 00:08:21 +0530
Subject: [PATCH] Add input validation in get_device_serial() function Add
 const to char *cmd

Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
---
 storage/util.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/storage/util.c b/storage/util.c
index 942f1c1a..5cacfadb 100644
--- a/storage/util.c
+++ b/storage/util.c
@@ -323,11 +323,18 @@ int print_timestamp(void)
 }
 
 #if defined(GET_DEV_SERIAL)
-// Get device serial number
+/**
+ * Internal API
+ * Get device serial number from system BIOS table
+ * */
 int get_device_serial(char *serial_buff)
 {
+	if (!serial_buff) {
+		return -1;
+	}
+
 	FILE *fp;
-	char *cmd = "dmidecode -s system-serial-number";
+	const char *cmd = "dmidecode -s system-serial-number";
 	int out_sz;
 	char out[MAX_DEV_SERIAL_SZ];
 	int results_sz = 0;