author | Adam Lackorzynski <adam@os.inf.tu-dresden.de> | 2009-10-11 15:48:41 +0200 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2009-10-15 09:32:04 -0500 |
commit | bf854d65a5db2380ef2f0e8014f79a405c523b94 (patch) | |
tree | f4157bcb5e1633509efa17f1223ccb72fea5dc15 | |
parent | 3f3d583efdb10e7c98a9bb501e11ccfb0fc638fa (diff) | |
multiboot: Limit number of multiboot modules
Add size checks to avoid overwriting the multiboot structure
when too many modules are loaded.
Patchworks-ID: 35700
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-rw-r--r-- | hw/pc.c | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -702,6 +702,10 @@ static int load_multiboot(void *fw_cfg,
 int mb_mod_count = 0;
 do {
+ if (mb_mod_info + 16 > mb_mod_cmdline) {
+ printf("WARNING: Too many modules loaded, aborting.\n");
+ break;
+ }
 next_initrd = strchr(initrd_filename, ',');
 if (next_initrd)
 *next_initrd = '\0';
@@ -712,8 +716,11 @@ static int load_multiboot(void *fw_cfg,
 initrd_filename);
 stl_p(bootinfo + mb_mod_info + 8, mb_bootinfo + mb_mod_cmdline); /* string */
 mb_mod_cmdline += strlen(initrd_filename) + 1;
- if (mb_mod_cmdline > sizeof(bootinfo))
+ if (mb_mod_cmdline > sizeof(bootinfo)) {
 mb_mod_cmdline = sizeof(bootinfo);
+ printf("WARNING: Too many module cmdlines loaded, aborting.\n");
+ break;
+ }
 if ((next_space = strchr(initrd_filename, ' ')))
 *next_space = '\0';
 #ifdef DEBUG_MULTIBOOT |
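Review bot: The new guard `if (mb_mod_info + 16 > mb_mod_cmdline)` in the first hunk compares the module-table cursor against the command-line cursor, which the loop itself advances (`mb_mod_cmdline += strlen(initrd_filename) + 1` in the second hunk). It therefore catches a collision only with the next free string slot, and a table entry can still land on command-line strings already written at the start of that area. Comparing against a fixed bound captured before the loop would protect them, e.g. `if (mb_mod_info + 16 > mb_mod_cmdline_base) {`, where `mb_mod_cmdline_base` is a new local holding the initial value of `mb_mod_cmdline`. The initial offsets and the per-module increment of `mb_mod_info` are outside the hunk, so this assumes the table sits below the string area and grows toward it.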
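Review bot: The size check in the second hunk still runs after the copy, so the overflow is reported only once a command line has been truncated and its pointer already stored by `stl_p(bootinfo + mb_mod_info + 8, ...)`. Testing the remaining space ahead of the copy call (whose tail `initrd_filename);` opens this hunk) would avoid leaving a half-written entry, e.g. `if (strlen(initrd_filename) + 1 > sizeof(bootinfo) - mb_mod_cmdline) {`. Both messages say "aborting", but `break` only leaves the loop, so boot presumably continues with a shortened module list. A wording such as "remaining modules ignored" sent through `fprintf(stderr, ...)` would make that visible to whoever launches the VM. The copy call and the rest of the loop body lie outside the hunk.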