sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2025-12-17 10:01:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

[settings] Avoid overwriting the start of .text in fetch_string_setting()

Browse Source 
fetch_string_setting() was subtracting one from the length of the
to-be-NUL-terminated buffer in order to obtain the length of the
unterminated buffer to be passed to fetch_setting().  This works
extremely well unless the length of the to-be-NUL-terminated buffer is
zero, at which point we end up giving fetch_setting() a buffer of
length -1UL, thereby inviting it to overwrite as much memory as it
wants...
This commit is contained in:
Michael Brown
2008-08-14 03:03:53 +01:00
parent a1d0f6ed2e
commit 8f8f5acf09
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/core/settings.c
View File

@@ -381,7 +381,8 @@ int fetch_setting_len ( struct settings *settings, struct setting *setting ) {
int fetch_string_setting ( struct settings *settings, struct setting *setting, int fetch_string_setting ( struct settings *settings, struct setting *setting,
char *data, size_t len ) { char *data, size_t len ) {
memset ( data, 0, len ); memset ( data, 0, len );
return fetch_setting ( settings, setting, data, ( len - 1 ) ); return fetch_setting ( settings, setting, data,
( ( len > 0 ) ? ( len - 1 ) : 0 ) );
} }
/** /**