From patchwork Fri Jun 1 05:26:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Huth X-Patchwork-Id: 923762 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40xtB55Tybz9s08 for ; Fri, 1 Jun 2018 15:27:09 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 40xtB54GlkzF0Tj for ; Fri, 1 Jun 2018 15:27:09 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=redhat.com X-Original-To: slof@lists.ozlabs.org Delivered-To: slof@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=redhat.com (client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=thuth@redhat.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=redhat.com Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 40xt9t3YrzzDrbm for ; Fri, 1 Jun 2018 15:26:57 +1000 (AEST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EF93F406E8C0; Fri, 1 Jun 2018 05:26:54 +0000 (UTC) Received: from thh440s.redhat.com (ovpn-116-19.ams2.redhat.com [10.36.116.19]) by smtp.corp.redhat.com (Postfix) with ESMTP id E398663AFC; Fri, 1 Jun 2018 05:26:53 +0000 (UTC) From: Thomas Huth To: slof@lists.ozlabs.org Date: Fri, 1 Jun 2018 07:26:50 +0200 Message-Id: <1527830811-23372-2-git-send-email-thuth@redhat.com> In-Reply-To: <1527830811-23372-1-git-send-email-thuth@redhat.com> References: <1527830811-23372-1-git-send-email-thuth@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Fri, 01 Jun 2018 05:26:55 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Fri, 01 Jun 2018 05:26:55 +0000 (UTC) for IP:'10.11.54.5' DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'thuth@redhat.com' RCPT:'' Subject: [SLOF] [PATCH 1/2] lib/libnet/pxelinux: Make the size handling for pxelinux_load_cfg more logical X-BeenThere: slof@lists.ozlabs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Patches for https://github.com/aik/SLOF" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Greg Kurz MIME-Version: 1.0 Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "SLOF" The pxelinux_load_cfg() function always tried to load one byte less than its parameter said (so that we've got space for a terminating NUL-character later). This is not very intuitive, let's better ask for one byte less when we call the function. While we're at it, add a sanity check that the function really did not load more bytes than requested. Signed-off-by: Thomas Huth --- lib/libnet/pxelinux.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/lib/libnet/pxelinux.c b/lib/libnet/pxelinux.c index 718ceca..eaead48 100644 --- a/lib/libnet/pxelinux.c +++ b/lib/libnet/pxelinux.c @@ -95,7 +95,7 @@ static int pxelinux_load_cfg(filename_ip_t *fn_ip, uint8_t *mac, const char *uui return -1; } strcpy(baseptr, fn_ip->pl_cfgfile); - rc = pxelinux_tftp_load(fn_ip, cfgbuf, cfgbufsize - 1, retries); + rc = pxelinux_tftp_load(fn_ip, cfgbuf, cfgbufsize, retries); if (rc > 0) { return rc; } @@ -104,7 +104,7 @@ static int pxelinux_load_cfg(filename_ip_t *fn_ip, uint8_t *mac, const char *uui /* Try to load config file with name based on the VM UUID */ if (uuid) { strcpy(baseptr, uuid); - rc = pxelinux_tftp_load(fn_ip, cfgbuf, cfgbufsize - 1, retries); + rc = pxelinux_tftp_load(fn_ip, cfgbuf, cfgbufsize, retries); if (rc > 0) { return rc; } @@ -113,7 +113,7 @@ static int pxelinux_load_cfg(filename_ip_t *fn_ip, uint8_t *mac, const char *uui /* Look for config file with MAC address in its name */ sprintf(baseptr, "01-%02x-%02x-%02x-%02x-%02x-%02x", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); - rc = pxelinux_tftp_load(fn_ip, cfgbuf, cfgbufsize - 1, retries); + rc = pxelinux_tftp_load(fn_ip, cfgbuf, cfgbufsize, retries); if (rc > 0) { return rc; } @@ -127,7 +127,7 @@ static int pxelinux_load_cfg(filename_ip_t *fn_ip, uint8_t *mac, const char *uui fn_ip->own_ip & 0xff); for (idx = 0; idx <= 7; idx++) { baseptr[8 - idx] = 0; - rc = pxelinux_tftp_load(fn_ip, cfgbuf, cfgbufsize - 1, + rc = pxelinux_tftp_load(fn_ip, cfgbuf, cfgbufsize, retries); if (rc > 0) { return rc; @@ -137,7 +137,7 @@ static int pxelinux_load_cfg(filename_ip_t *fn_ip, uint8_t *mac, const char *uui /* Try "default" config file */ strcpy(baseptr, "default"); - rc = pxelinux_tftp_load(fn_ip, cfgbuf, cfgbufsize - 1, retries); + rc = pxelinux_tftp_load(fn_ip, cfgbuf, cfgbufsize, retries); return rc; } @@ -240,9 +240,13 @@ int pxelinux_load_parse_cfg(filename_ip_t *fn_ip, uint8_t *mac, const char *uuid { int rc; - rc = pxelinux_load_cfg(fn_ip, mac, uuid, retries, cfgbuf, cfgsize); + rc = pxelinux_load_cfg(fn_ip, mac, uuid, retries, cfgbuf, cfgsize - 1); if (rc < 0) return rc; + if (rc >= cfgsize) { /* This should never happen */ + puts("Downloaded pxelinux.cfg is too big!"); + return -1; + } return pxelinux_parse_cfg(cfgbuf, rc, entries, max_entries, def_ent); }