diff options
author | Thomas Huth <thuth@redhat.com> | 2018-06-05 12:11:49 +0200 |
---|---|---|
committer | Alexey Kardashevskiy <aik@ozlabs.ru> | 2018-06-07 16:44:25 +1000 |
commit | 2317427ce76006723f7ae103a6998ab41dd79c68 (patch) | |
tree | 4dd7254b8fd48d135f89767e788eb7f2da241036 /lib | |
parent | 1eb8d7ec2dff90e2efa5664d3b1703ed32749ae4 (diff) | |
download | SLOF-2317427ce76006723f7ae103a6998ab41dd79c68.zip SLOF-2317427ce76006723f7ae103a6998ab41dd79c68.tar.gz SLOF-2317427ce76006723f7ae103a6998ab41dd79c68.tar.bz2 |
lib/libnet/pxelinux: Fix two off-by-one bugs in the pxelinux.cfg parser
There are two small bugs in the pxelinux.cfg parser:
1. If the file does not end with a '\n', the code set 'eol = cfg + cfgsize'
and later wrote a NUL character to *eol, i.e. it wrote the NUL character
beyond the end of the buffer. We've got to use 'eol = cfg + cfgsize - 1'
instead.
2. The code always replaced the last byte of the buffer with a NUL character
to get a proper termination. If the config file ends with a required character
(e.g. the last line is a KERNEL or INITRD line and the file does not have
a '\n' at the end), the last character got lost. Move the obligation for the
terminating NUL character to the caller instead so that we can be sure to
have a proper terminated buffer in pxelinux_parse_cfg() without the need to
blindly overwrite the last character here.
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libnet/pxelinux.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/libnet/pxelinux.c b/lib/libnet/pxelinux.c index 939a92c..c4ac5d5 100644 --- a/lib/libnet/pxelinux.c +++ b/lib/libnet/pxelinux.c @@ -151,8 +151,9 @@ static int pxelinux_load_cfg(filename_ip_t *fn_ip, uint8_t *mac, const char *uui * in entries point to the original location in the cfg buffer area. The cfg * buffer is altered for this, too, e.g. terminating NUL-characters are put * into the right locations. - * @param cfg Pointer to the buffer with contents of the config file - * @param cfgsize Size of the cfg buffer + * @param cfg Pointer to the buffer with contents of the config file. + * The caller must make sure that it is NUL-terminated. + * @param cfgsize Size of the cfg data (including the terminating NUL) * @param entries Pointer to array where the results should be put into * @param max_entries Number of available slots in the entries array * @param def_ent Used to return the index of the default entry @@ -167,12 +168,10 @@ int pxelinux_parse_cfg(char *cfg, int cfgsize, struct pl_cfg_entry *entries, *def_ent = 0; - cfg[cfgsize - 1] = 0; /* Make sure it is NUL-terminated */ - while (ptr < cfg + cfgsize && num_entries < max_entries) { eol = strchr(ptr, '\n'); if (!eol) { - eol = cfg + cfgsize; + eol = cfg + cfgsize - 1; } nextptr = eol + 1; do { @@ -246,5 +245,7 @@ int pxelinux_load_parse_cfg(filename_ip_t *fn_ip, uint8_t *mac, const char *uuid return rc; assert(rc < cfgsize); + cfgbuf[rc++] = '\0'; /* Make sure it is NUL-terminated */ + return pxelinux_parse_cfg(cfgbuf, rc, entries, max_entries, def_ent); } |