[syslinux] [PATCH 1/1] gpxe: fix possible null pointer dereference
Leandro Dorileo
l at dorileo.org
Sat Oct 5 21:22:26 PDT 2013
On Sep 23, 2013 10:06 PM, "Felipe Pena" <felipensp at gmail.com> wrote:
>
> Possibly authority variable (initialized with NULL) might be dereferenced
when
> an arbitrary path (without "//" on it) is supplied to parse_uri() function
>
> Signed-off-by: Felipe Pena <felipensp at gmail.com>
> ---
> gpxe/src/core/uri.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gpxe/src/core/uri.c b/gpxe/src/core/uri.c
> index 6a1f2e5..4987821 100644
> --- a/gpxe/src/core/uri.c
> +++ b/gpxe/src/core/uri.c
> @@ -151,7 +151,7 @@ struct uri * parse_uri ( const char *uri_string ) {
> }
>
> /* Split authority into user[:password] and host[:port] portions
*/
> - if ( ( tmp = strchr ( authority, '@' ) ) ) {
> + if ( authority != NULL && ( tmp = strchr ( authority, '@' ) ) ) {
I don't know the source code but I'm wondering if a null authority should
ever reach here.
> /* Has user[:password] */
> *(tmp++) = '\0';
> uri->host = tmp;
> --
> 1.7.10.4
>
> _______________________________________________
> Syslinux mailing list
> Submissions to Syslinux at zytor.com
> Unsubscribe or set options at:
> http://www.zytor.com/mailman/listinfo/syslinux
> Please do not send private replies to mailing list traffic.
>
More information about the Syslinux
mailing list