[syslinux] [PATCH 1/1] gpxe: fix possible null pointer dereference

Felipe Pena felipensp at gmail.com
Sun Oct 6 06:49:23 PDT 2013


Hi,

On Sun, Oct 6, 2013 at 1:22 AM, Leandro Dorileo <l at dorileo.org> wrote:
> On Sep 23, 2013 10:06 PM, "Felipe Pena" <felipensp at gmail.com> wrote:
>>
>> Possibly authority variable (initialized with NULL) might be dereferenced when
>> an arbitrary path (without "//" on it) is supplied to parse_uri() function
>>
>> Signed-off-by: Felipe Pena <felipensp at gmail.com>
>> ---
>>  gpxe/src/core/uri.c |    2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/gpxe/src/core/uri.c b/gpxe/src/core/uri.c
>> index 6a1f2e5..4987821 100644
>> --- a/gpxe/src/core/uri.c
>> +++ b/gpxe/src/core/uri.c
>> @@ -151,7 +151,7 @@ struct uri * parse_uri ( const char *uri_string ) {
>>         }
>>
>>         /* Split authority into user[:password] and host[:port] portions
> */
>> -       if ( ( tmp = strchr ( authority, '@' ) ) ) {
>> +       if ( authority != NULL && ( tmp = strchr ( authority, '@' ) ) ) {
>
> I don't know the source code but I'm wondering if a null authority should
> ever reach here.
>

If the supplied path doesn't contain a "//" on it, this code fragment
will work with a null authority there.
It was just my assumption that some usage of this function could be
flawed about this.


>>                 /* Has user[:password] */
>>                 *(tmp++) = '\0';
>>                 uri->host = tmp;
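
Review bot: the new `authority != NULL` test guards only the `strchr ( authority, '@' )` call, while the comment directly above says this block splits authority into both user[:password] and host[:port] portions, and the host[:port] half is not visible in this hunk. Please confirm that the branch taken when the condition is false, and whatever follows it, never reads `authority` (or a `uri->host` assigned from it) for a string without "//". If it does, skipping the whole authority-splitting section when `authority` is NULL would be more robust than guarding this single call. The commit message should also say which input leaves `authority` at its NULL initializer by the time line 151 is reached, and whether any caller actually passes such a string, since that was the question raised in review.
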
>> --
>> 1.7.10.4
>>
>> _______________________________________________
>> Syslinux mailing list
>> Submissions to Syslinux at zytor.com
>> Unsubscribe or set options at:
>> http://www.zytor.com/mailman/listinfo/syslinux
>> Please do not send private replies to mailing list traffic.
>>



-- 
Regards,
Felipe Pena

