From 0c74470db4e4a5f1f06e72c7202730bfea8b5f8e Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 20 Sep 2013 17:05:30 -0500 Subject: debian/patches/tftp-proper-nul-termination: fix nul termination errors in filenames passed to tftp. --- netboot.c | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) (limited to 'netboot.c') diff --git a/netboot.c b/netboot.c index d64701dd..e5433639 100644 --- a/netboot.c +++ b/netboot.c @@ -227,15 +227,15 @@ static UINT8 *str2ip6(char *str) static BOOLEAN extract_tftp_info(char *url) { - char *start, *end; + CHAR8 *start, *end; char ip6str[128]; - char *template = "/grubx64.efi"; + CHAR8 *template = (CHAR8 *)"/grubx64.efi"; if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) { Print(L"URLS MUST START WITH tftp://\n"); return FALSE; } - start = url + 7; + start = (CHAR8 *)url + 7; if (*start != '[') { Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n"); return FALSE; @@ -250,21 +250,19 @@ static BOOLEAN extract_tftp_info(char *url) Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n"); return FALSE; } - *end = '\0'; memset(ip6str, 0, 128); - memcpy(ip6str, start, strlen((UINT8 *)start)); - *end = ']'; + memcpy(ip6str, start, end - start); end++; memcpy(&tftp_addr.v6, str2ip6(ip6str), 16); - full_path = AllocatePool(strlen((UINT8 *)end)+strlen((UINT8 *)template)+1); + full_path = AllocateZeroPool(strlen(end)+strlen(template)+1); if (!full_path) return FALSE; - memset(full_path, 0, strlen((UINT8 *)end)+strlen((UINT8 *)template)); - memcpy(full_path, end, strlen((UINT8 *)end)); - end = strrchr((char *)full_path, '/'); + memcpy(full_path, end, strlen(end)); + end = (CHAR8 *)strrchr((char *)full_path, '/'); if (!end) - end = (char *)full_path; - memcpy(end, template, strlen((UINT8 *)template)); + end = (CHAR8 *)full_path; + memcpy(end, template, strlen(template)); + end[strlen(template)] = '\0'; return TRUE; } @@ -285,19 +283,15 @@ static EFI_STATUS parseDhcp6() static EFI_STATUS parseDhcp4() { - char *template = "/grubx64.efi"; - char *tmp = AllocatePool(16); + CHAR8 *template = (CHAR8 *)"/grubx64.efi"; + full_path = AllocateZeroPool(strlen(template)+1); - - if (!tmp) + if (!full_path) return EFI_OUT_OF_RESOURCES; - memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4); - memcpy(tmp, template, 12); - tmp[13] = '\0'; - full_path = (UINT8 *)tmp; + memcpy(full_path, template, strlen(template)); /* Note we don't capture the filename option here because we know its shim.efi * We instead assume the filename at the end of the path is going to be grubx64.efi -- cgit v1.2.3