diff options
| author | Tobias Stoeckmann <tobias@cvs.openbsd.org> | 2014-06-27 16:05:21 +0000 |
|---|---|---|
| committer | Tobias Stoeckmann <tobias@cvs.openbsd.org> | 2014-06-27 16:05:21 +0000 |
| commit | 8a5e6e234d8e4199667fa6927237c9e383c96378 (patch) | |
| tree | 57811aca25eb99898bd68bcd03ff8d6bb94b6df2 /sys | |
| parent | 162a2174cb458520fcdf077ea6cd714865bc64d3 (diff) | |
Avoid buffer overflow if there were too many arguments, also adjust lenp
to contain actually consumed space on truncation.
bootarg_list can be static again, it's not referenced from outside.
ok deraadt@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/stand/boot/bootarg.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/sys/stand/boot/bootarg.c b/sys/stand/boot/bootarg.c index 8a416259bcd..94ba6fc5c64 100644 --- a/sys/stand/boot/bootarg.c +++ b/sys/stand/boot/bootarg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bootarg.c,v 1.10 2003/08/11 06:23:07 deraadt Exp $ */ +/* $OpenBSD: bootarg.c,v 1.11 2014/06/27 16:05:20 tobias Exp $ */ /* * Copyright (c) 1997,1998 Michael Shalayeff @@ -30,7 +30,7 @@ #include <lib/libsa/stand.h> #include <stand/boot/bootarg.h> -bootarg_t *bootarg_list; +static bootarg_t *bootarg_list; void addbootarg(int t, size_t l, void *p) @@ -53,18 +53,20 @@ makebootargs(caddr_t v, size_t *lenp) /* get total size */ l = sizeof(*p); - for (p = bootarg_list; p != NULL; p = p->ba_next) + for (p = bootarg_list; p != NULL; p = p->ba_next) { l += p->ba_size; - if (*lenp < l) { + if (*lenp < l) { #ifdef DEBUG - printf("makebootargs: too many args\n"); + printf("makebootargs: too many args\n"); #endif - l = *lenp; + l -= p->ba_size; + break; + } } *lenp = l; /* copy them out */ for (p = bootarg_list, q = v; - p != NULL && ((q + p->ba_size) - (u_char *)v) < l; + p != NULL && ((q + p->ba_size) - (u_char *)v) <= l - sizeof(*p); q += p->ba_size, p = p->ba_next) { #ifdef DEBUG printf("%d,%d ", p->ba_type, p->ba_size); |