authorAdam Lackorzynski <adam@os.inf.tu-dresden.de>2009-10-11 15:48:41 +0200
committerAnthony Liguori <aliguori@us.ibm.com>2009-10-15 09:32:04 -0500
commitbf854d65a5db2380ef2f0e8014f79a405c523b94 (patch)
treef4157bcb5e1633509efa17f1223ccb72fea5dc15
parent3f3d583efdb10e7c98a9bb501e11ccfb0fc638fa (diff)
multiboot: Limit number of multiboot modules
Add size checks to avoid overwriting the multiboot structure when too many modules are loaded. Patchworks-ID: 35700 Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-rw-r--r--hw/pc.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/hw/pc.c b/hw/pc.c
index 47afaa5..408d6d6 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@ -702,6 +702,10 @@ static int load_multiboot(void *fw_cfg,
int mb_mod_count = 0;
do {
+ if (mb_mod_info + 16 > mb_mod_cmdline) {
+ printf("WARNING: Too many modules loaded, aborting.\n");
+ break;
+ }
next_initrd = strchr(initrd_filename, ',');
if (next_initrd)
*next_initrd = '\0';
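Review bot: The new guard `mb_mod_info + 16 > mb_mod_cmdline` compares the next module entry against a value that the loop itself advances (`mb_mod_cmdline += strlen(initrd_filename) + 1` in the next hunk), so the limit moves upward with every string written. If the string area begins at the initial value of `mb_mod_cmdline`, as the address stored by `stl_p` suggests, later 16-byte entries can still be written over earlier cmdline strings without tripping the check. Comparing against the start of the string area, saved before the loop, would close that gap, e.g. `if (mb_mod_info + 16 > mb_mod_cmdline_start)`, where `mb_mod_cmdline_start` is a proposed name for that saved copy. The declarations and the rest of the loop lie outside the hunk, so the layout should be confirmed there.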
@@ -712,8 +716,11 @@ static int load_multiboot(void *fw_cfg,
initrd_filename);
stl_p(bootinfo + mb_mod_info + 8, mb_bootinfo + mb_mod_cmdline); /* string */
mb_mod_cmdline += strlen(initrd_filename) + 1;
- if (mb_mod_cmdline > sizeof(bootinfo))
+ if (mb_mod_cmdline > sizeof(bootinfo)) {
mb_mod_cmdline = sizeof(bootinfo);
+ printf("WARNING: Too many module cmdlines loaded, aborting.\n");
+ break;
+ }
if ((next_space = strchr(initrd_filename, ' ')))
*next_space = '\0';
#ifdef DEBUG_MULTIBOOT
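Review bot: The size test on `mb_mod_cmdline` runs only after the string has been copied and its address stored with `stl_p`, so it reports the overrun after the fact instead of keeping a possibly truncated cmdline out of the structure; the copy call begins above the hunk, so whether it is itself bounded cannot be seen here. Testing before the copy, `if (mb_mod_cmdline + strlen(initrd_filename) + 1 > sizeof(bootinfo)) { ...; break; }`, would leave no partial entry behind. Both new messages say "aborting" although the code only leaves the loop and presumably goes on to boot with fewer modules, and they are written to stdout; `fprintf(stderr, "multiboot: module table full, remaining modules ignored\n");` would describe what actually happens.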