robin.thoni
/
ipxe
Seguir 1
Destacar 0
Cuchillo 0
Código Incidencias 0 Peticiones pull 0 Lanzamientos 11 Wiki Actividad
Explorar el Código

[settings] Avoid overwriting the start of .text in fetch_string_setting() 

fetch_string_setting() was subtracting one from the length of the
to-be-NUL-terminated buffer in order to obtain the length of the
unterminated buffer to be passed to fetch_setting().  This works
extremely well unless the length of the to-be-NUL-terminated buffer is
zero, at which point we end up giving fetch_setting() a buffer of
length -1UL, thereby inviting it to overwrite as much memory as it
wants...
tags/v0.9.4
Michael Brown hace 17 años
padre
a1d0f6ed2e
commit
8f8f5acf09
Se han modificado 1 ficheros con 2 adiciones y 1 borrados
Dividir vista Mostrar estadísticas de diff
  1. 2
    1
      src/core/settings.c

+ 2
- 1
src/core/settings.c Ver fichero 

@@ -381,7 +381,8 @@ int fetch_setting_len ( struct settings *settings, struct setting *setting ) {
381 381 
 int fetch_string_setting ( struct settings *settings, struct setting *setting,
382 382 
 			   char *data, size_t len ) {
383 383 
 	memset ( data, 0, len );
384 
-	return fetch_setting ( settings, setting, data, ( len - 1 ) );
384 
+	return fetch_setting ( settings, setting, data,
385 
+			       ( ( len > 0 ) ? ( len - 1 ) : 0 ) );
385 386 
 }
386 387
387 388 
 /**

Write Preview
Loading…
Cancelar
Guardar