[syslinux] [PATCH 1/1] gpxe: fix possible null pointer dereference

Mon Sep 23 18:05:16 PDT 2013

Possibly authority variable (initialized with NULL) might be dereferenced when
an arbitrary path (without "//" on it) is supplied to parse_uri() function

Signed-off-by: Felipe Pena <felipensp at gmail.com>
---
 gpxe/src/core/uri.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gpxe/src/core/uri.c b/gpxe/src/core/uri.c
index 6a1f2e5..4987821 100644
--- a/gpxe/src/core/uri.c
+++ b/gpxe/src/core/uri.c
@@ -151,7 +151,7 @@ struct uri * parse_uri ( const char *uri_string ) {
 	}
 
 	/* Split authority into user[:password] and host[:port] portions */
-	if ( ( tmp = strchr ( authority, '@' ) ) ) {
+	if ( authority != NULL && ( tmp = strchr ( authority, '@' ) ) ) {
 		/* Has user[:password] */
 		*(tmp++) = '\0';
 		uri->host = tmp;
-- 
1.7.10.4

