diff options
| author | marcel <marcel@FreeBSD.org> | 2014-10-09 01:54:32 +0000 |
|---|---|---|
| committer | marcel <marcel@FreeBSD.org> | 2014-10-09 01:54:32 +0000 |
| commit | 878e8a27204e100ef8ba737f703c3688396b1413 (patch) | |
| tree | c345b03949c2efc0f34f8cfdb37cd0af5e985e9b | |
| parent | 9cf2b42641723fc9186176c799339e4834f76bc4 (diff) | |
| download | FreeBSD-src-878e8a27204e100ef8ba737f703c3688396b1413.zip FreeBSD-src-878e8a27204e100ef8ba737f703c3688396b1413.tar.gz | |
Properly NUL-terminate the on-stack buffer for reading /boot.config
or /boot/config. In qemu, on a warm boot, the stack is not all zeroes
and we parse beyond the file's contents.
Obtained from: Juniper Networks, Inc.
| -rw-r--r-- | sys/boot/i386/gptboot/gptboot.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/boot/i386/gptboot/gptboot.c b/sys/boot/i386/gptboot/gptboot.c index 0596499..4fa5227 100644 --- a/sys/boot/i386/gptboot/gptboot.c +++ b/sys/boot/i386/gptboot/gptboot.c @@ -136,6 +136,7 @@ int main(void) { char cmd[512], cmdtmp[512]; + ssize_t sz; int autoboot, dskupdated; ufs_ino_t ino; @@ -164,9 +165,10 @@ main(void) for (;;) { *kname = '\0'; if ((ino = lookup(PATH_CONFIG)) || - (ino = lookup(PATH_DOTCONFIG))) - fsread(ino, cmd, sizeof(cmd)); - + (ino = lookup(PATH_DOTCONFIG))) { + sz = fsread(ino, cmd, sizeof(cmd) - 1); + cmd[(sz < 0) ? 0 : sz] = '\0'; + } if (*cmd != '\0') { memcpy(cmdtmp, cmd, sizeof(cmdtmp)); if (parse(cmdtmp, &dskupdated)) |
