[syslinux] Syslinux-4.06-pre14

Matt Fleming matt at console-pimps.org
Mon Nov 5 00:57:05 PST 2012


On Wed, 2012-10-17 at 14:28 +0100, Frediano Ziglio wrote:
> I noted also a bug resetting adv in extlinux. The problem is in
> modify_existing_adv. If opt.reset_adv is set you don't initialize
> filename so the next ext_write_adv will crash. Sorry to report only now.

Thanks Frediano, I queued up the following patch.

---

From 2bc5ea50ca5f670c1101d7986a70adfc5cae8b48 Mon Sep 17 00:00:00 2001
From: Matt Fleming <matt.fleming at intel.com>
Date: Fri, 2 Nov 2012 17:02:36 +0000
Subject: [PATCH] extlinux: Avoid dereferencing a garbage pointer

If opt.reset_adv is set the call to ext_read_adv() is skipped which
would have initialised 'filename'. This means that a pointer
containing random data from the stack is passed to ext_write_adv().

Just delete the opt.reset_adv logic since modify_adv() handles that
case anyway.

Reported-by: Frediano Ziglio <frediano.ziglio at citrix.com>
Signed-off-by: Matt Fleming <matt.fleming at intel.com>
---
 extlinux/main.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/extlinux/main.c b/extlinux/main.c
index 611b808..9dc8891 100644
--- a/extlinux/main.c
+++ b/extlinux/main.c
@@ -1288,9 +1288,7 @@ int modify_existing_adv(const char *path)
     if (devfd < 0)
 	return 1;
 
-    if (opt.reset_adv)
-	syslinux_reset_adv(syslinux_adv);
-    else if (ext_read_adv(path, devfd, &filename) < 0) {
+    if (ext_read_adv(path, devfd, &filename) < 0) {
 	close(devfd);
 	return 1;
     }
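
Review bot: in modify_existing_adv(), the early "return 1" on ext_read_adv() failure now also applies when opt.reset_adv is set, whereas the removed branch skipped the read entirely for a reset. A reset request therefore depends on the read succeeding before modify_adv() is reached. If that is intended, please say so in the commit message or in a comment above the call; if a reset is expected to proceed regardless, that case needs its own handling that still leaves 'filename' set. Separately, initialising 'filename' at its declaration (for example to NULL) would keep any later path that skips ext_read_adv() from handing stack contents to ext_write_adv().
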
-- 
1.7.11.7

-- 
Matt Fleming, Intel Open Source Technology Center
