1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
Description: fix nul termination errors in filenames passed to tftp
Fix various errors in the tftp string handling, to ensure we always have
properly nul-terminated strings.
Author: Steve Langasek <steve.langasek@ubuntu.com>
Index: shim/netboot.c
===================================================================
--- shim.orig/netboot.c
+++ shim/netboot.c
@@ -227,15 +227,15 @@
static BOOLEAN extract_tftp_info(char *url)
{
- char *start, *end;
+ CHAR8 *start, *end;
char ip6str[128];
- char *template = "/grubx64.efi";
+ CHAR8 *template = (CHAR8 *)"/grubx64.efi";
if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) {
Print(L"URLS MUST START WITH tftp://\n");
return FALSE;
}
- start = url + 7;
+ start = (CHAR8 *)url + 7;
if (*start != '[') {
Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n");
return FALSE;
@@ -250,21 +250,19 @@
Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n");
return FALSE;
}
- *end = '\0';
memset(ip6str, 0, 128);
- memcpy(ip6str, start, strlen((UINT8 *)start));
- *end = ']';
+ memcpy(ip6str, start, end - start);
end++;
memcpy(&tftp_addr.v6, str2ip6(ip6str), 16);
- full_path = AllocatePool(strlen((UINT8 *)end)+strlen((UINT8 *)template)+1);
+ full_path = AllocateZeroPool(strlen(end)+strlen(template)+1);
if (!full_path)
return FALSE;
- memset(full_path, 0, strlen((UINT8 *)end)+strlen((UINT8 *)template));
- memcpy(full_path, end, strlen((UINT8 *)end));
- end = strrchr((char *)full_path, '/');
+ memcpy(full_path, end, strlen(end));
+ end = (CHAR8 *)strrchr((char *)full_path, '/');
if (!end)
- end = (char *)full_path;
- memcpy(end, template, strlen((UINT8 *)template));
+ end = (CHAR8 *)full_path;
+ memcpy(end, template, strlen(template));
+ end[strlen(template)] = '\0';
return TRUE;
}
@@ -285,19 +283,15 @@
static EFI_STATUS parseDhcp4()
{
- char *template = "/grubx64.efi";
- char *tmp = AllocatePool(16);
+ CHAR8 *template = (CHAR8 *)"/grubx64.efi";
+ full_path = AllocateZeroPool(strlen(template)+1);
-
- if (!tmp)
+ if (!full_path)
return EFI_OUT_OF_RESOURCES;
-
memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4);
- memcpy(tmp, template, 12);
- tmp[13] = '\0';
- full_path = (UINT8 *)tmp;
+ memcpy(full_path, template, strlen(template));
/* Note we don't capture the filename option here because we know its shim.efi
* We instead assume the filename at the end of the path is going to be grubx64.efi
|
