Author: marcel
Date: Thu Oct 9 01:54:32 2014
New Revision: 272785
URL: https://svnweb.freebsd.org/changeset/base/272785
Log:
Properly NUL-terminate the on-stack buffer for reading /boot.config
or /boot/config. In qemu, on a warm boot, the stack is not all zeroes
and we parse beyond the file's contents.
Obtained from: Juniper Networks, Inc.
Modified:
head/sys/boot/i386/gptboot/gptboot.c
Modified: head/sys/boot/i386/gptboot/gptboot.c
==============================================================================
--- head/sys/boot/i386/gptboot/gptboot.c Thu Oct 9 01:53:23 2014
(r272784)
+++ head/sys/boot/i386/gptboot/gptboot.c Thu Oct 9 01:54:32 2014
(r272785)
@@ -136,6 +136,7 @@ int
main(void)
{
char cmd[512], cmdtmp[512];
+ ssize_t sz;
int autoboot, dskupdated;
ufs_ino_t ino;
@@ -164,9 +165,10 @@ main(void)
for (;;) {
*kname = '\0';
if ((ino = lookup(PATH_CONFIG)) ||
- (ino = lookup(PATH_DOTCONFIG)))
- fsread(ino, cmd, sizeof(cmd));
-
+ (ino = lookup(PATH_DOTCONFIG))) {
+ sz = fsread(ino, cmd, sizeof(cmd) - 1);
+ cmd[(sz < 0) ? 0 : sz] = '\0';
+ }
if (*cmd != '\0') {
memcpy(cmdtmp, cmd, sizeof(cmdtmp));
if (parse(cmdtmp, &dskupdated))
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
