diff options
author | Matt Fleming <matt.fleming@intel.com> | 2012-11-02 17:02:36 +0000 |
---|---|---|
committer | Matt Fleming <matt.fleming@intel.com> | 2012-11-05 08:29:58 +0000 |
commit | 2bc5ea50ca5f670c1101d7986a70adfc5cae8b48 (patch) | |
tree | 58a2c9a5fd0ce35897c5bd3c41ff268c596f120e | |
parent | 967ee8a1ed49092ed2a6296936698a40b115a013 (diff) | |
download | syslinux-2bc5ea50ca5f670c1101d7986a70adfc5cae8b48.tar.gz syslinux-2bc5ea50ca5f670c1101d7986a70adfc5cae8b48.tar.xz syslinux-2bc5ea50ca5f670c1101d7986a70adfc5cae8b48.zip |
extlinux: Avoid dereferencing a garbage pointer
If opt.reset_adv is set the call to ext_read_adv() is skipped which
would have initialised 'filename'. This means that a pointer
containing random data from the stack is passed to ext_write_adv().
Just delete the opt.reset_adv logic since modify_adv() handles that
case anyway.
Reported-by: Frediano Ziglio <frediano.ziglio@citrix.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
-rw-r--r-- | extlinux/main.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/extlinux/main.c b/extlinux/main.c index 611b8080..9dc88917 100644 --- a/extlinux/main.c +++ b/extlinux/main.c @@ -1288,9 +1288,7 @@ int modify_existing_adv(const char *path) if (devfd < 0) return 1; - if (opt.reset_adv) - syslinux_reset_adv(syslinux_adv); - else if (ext_read_adv(path, devfd, &filename) < 0) { + if (ext_read_adv(path, devfd, &filename) < 0) { close(devfd); return 1; } |