
[script] Avoid using stack-allocated memory in process_line()

Script lines can be arbitrarily long; allocate on the heap rather than
on the stack.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown před 12 roky
rodič
revize
a026a27f04
1 změnil soubory, kde provedl 15 přidání a 14 odebrání
  1. 15
    14
      src/image/script.c

+ 15
- 14
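--- a/src/image/script.c
+++ b/src/image/script.c
@@ -58,6 +58,7 @@ static int process_script ( struct image *image,
 			    int ( * terminate ) ( int rc ) ) {
 	off_t eol;
 	size_t len;
+	char *line;
 	int rc;
 
 	script_offset = 0;
@@ -71,23 +72,23 @@ static int process_script ( struct image *image,
 			eol = image->len;
 		len = ( eol - script_offset );
 
-		/* Copy line, terminate with NUL, and execute command */
-		{
-			char cmdbuf[ len + 1 ];
+		/* Allocate buffer for line */
+		line = zalloc ( len + 1 /* NUL */ );
+		if ( ! line )
+			return -ENOMEM;
 
-			copy_from_user ( cmdbuf, image->data,
-					 script_offset, len );
-			cmdbuf[len] = '\0';
-			DBG ( "$ %s\n", cmdbuf );
+		/* Copy line */
+		copy_from_user ( line, image->data, script_offset, len );
+		DBG ( "$ %s\n", line );
 
-			/* Move to next line */
-			script_offset += ( len + 1 );
+		/* Move to next line */
+		script_offset += ( len + 1 );
 
-			/* Process line */
-			rc = process_line ( cmdbuf );
-			if ( terminate ( rc ) )
-				return rc;
-		}
+		/* Process and free line */
+		rc = process_line ( line );
+		free ( line );
+		if ( terminate ( rc ) )
+			return rc;
 
 	} while ( script_offset < image->len );
 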
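Review bot: The NUL terminator of `line` now depends entirely on zalloc() zero-filling the buffer: the old explicit `cmdbuf[len] = '\0';` store is gone and copy_from_user() writes only `len` bytes, so the `/* NUL */` remark in the size expression is the only hint. Because both `DBG ( "$ %s\n", line )` and `process_line ( line )` read up to the terminator, a later switch from zalloc() to malloc() would turn this into a read past the heap buffer; I would either keep the store, `line[len] = '\0';`, after the copy or spell the dependency out, `/* Copy line (zalloc() has already NUL-terminated the buffer) */`. The new `return -ENOMEM;` also leaves the loop without consulting `terminate ( rc )`, which looks intentional but deserves a short comment. process_script() starts and ends outside these hunks.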
