[syslinux] Syslinux-4.06-pre14
Matt Fleming
matt at console-pimps.org
Mon Nov 5 00:57:05 PST 2012
On Wed, 2012-10-17 at 14:28 +0100, Frediano Ziglio wrote:
> I noted also a bug resetting adv in extlinux. The problem is in
> modify_existing_adv. If opt.reset_adv is set you don't initialize
> filename so the next ext_write_adv will crash. Sorry to report only now.
Thanks Frediano, I queued up the following patch.
---
>From 2bc5ea50ca5f670c1101d7986a70adfc5cae8b48 Mon Sep 17 00:00:00 2001
From: Matt Fleming <matt.fleming at intel.com>
Date: Fri, 2 Nov 2012 17:02:36 +0000
Subject: [PATCH] extlinux: Avoid dereferencing a garbage pointer
If opt.reset_adv is set the call to ext_read_adv() is skipped which
would have initialised 'filename'. This means that a pointer
containing random data from the stack is passed to ext_write_adv().
Just delete the opt.reset_adv logic since modify_adv() handles that
case anyway.
Reported-by: Frediano Ziglio <frediano.ziglio at citrix.com>
Signed-off-by: Matt Fleming <matt.fleming at intel.com>
---
extlinux/main.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/extlinux/main.c b/extlinux/main.c
index 611b808..9dc8891 100644
--- a/extlinux/main.c
+++ b/extlinux/main.c
@@ -1288,9 +1288,7 @@ int modify_existing_adv(const char *path)
if (devfd < 0)
return 1;
- if (opt.reset_adv)
- syslinux_reset_adv(syslinux_adv);
- else if (ext_read_adv(path, devfd, &filename) < 0) {
+ if (ext_read_adv(path, devfd, &filename) < 0) {
close(devfd);
return 1;
}
--
1.7.11.7
--
Matt Fleming, Intel Open Source Technology Center
More information about the Syslinux
mailing list