[syslinux] [PATCH 1/1] gpxe: fix possible null pointer dereference

Leandro Dorileo l at dorileo.org
Sat Oct 5 21:22:26 PDT 2013


On Sep 23, 2013 10:06 PM, "Felipe Pena" <felipensp at gmail.com> wrote:
>
> Possibly authority variable (initialized with NULL) might be dereferenced
when
> an arbitrary path (without "//" on it) is supplied to parse_uri() function
>
> Signed-off-by: Felipe Pena <felipensp at gmail.com>
> ---
>  gpxe/src/core/uri.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gpxe/src/core/uri.c b/gpxe/src/core/uri.c
> index 6a1f2e5..4987821 100644
> --- a/gpxe/src/core/uri.c
> +++ b/gpxe/src/core/uri.c
> @@ -151,7 +151,7 @@ struct uri * parse_uri ( const char *uri_string ) {
>         }
>
>         /* Split authority into user[:password] and host[:port] portions
*/
> -       if ( ( tmp = strchr ( authority, '@' ) ) ) {
> +       if ( authority != NULL && ( tmp = strchr ( authority, '@' ) ) ) {

I don't know the source code but I'm wondering if a null authority should
ever reach here.

>                 /* Has user[:password] */
>                 *(tmp++) = '\0';
>                 uri->host = tmp;
> --
> 1.7.10.4
>
> _______________________________________________
> Syslinux mailing list
> Submissions to Syslinux at zytor.com
> Unsubscribe or set options at:
> http://www.zytor.com/mailman/listinfo/syslinux
> Please do not send private replies to mailing list traffic.
>


More information about the Syslinux mailing list