proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-07 23:06:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Correct limits on the length of ipv6 addresses

Browse Source 
The maximum length of a string representation of an ipv6 address is 39
characters (8 groups of 4 hex chars, with 7 colons in between).  So don't
allocate more room than this - and more importantly, don't blindly accept
strings from the server that are longer than our buffer...
This commit is contained in:
Steve Langasek 2013-09-24 12:05:47 -04:00 committed by Peter Jones
parent af049ff457
commit 69a54db486
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
netboot.c
View File

@ -227,7 +227,7 @@ static UINT8 *str2ip6(char *str)
static BOOLEAN extract_tftp_info(CHAR8 *url) static BOOLEAN extract_tftp_info(CHAR8 *url)
{ {
CHAR8 *start, *end; CHAR8 *start, *end;
char ip6str[128]; char ip6str[40];
CHAR8 *template = (CHAR8 *)"/grubx64.efi"; CHAR8 *template = (CHAR8 *)"/grubx64.efi";
if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) { if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) {
@ -244,12 +244,16 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
end = start; end = start;
while ((*end != '\0') && (*end != ']')) { while ((*end != '\0') && (*end != ']')) {
end++; end++;
if (end - start > 39) {
Print(L"TFTP URL includes malformed IPv6 address\n");
return FALSE;
}
} }
if (end == '\0') { if (end == '\0') {
Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n"); Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n");
return FALSE; return FALSE;
} }
memset(ip6str, 0, 128); memset(ip6str, 0, 40);
memcpy(ip6str, start, end - start); memcpy(ip6str, start, end - start);
end++; end++;
memcpy(&tftp_addr.v6, str2ip6(ip6str), 16); memcpy(&tftp_addr.v6, str2ip6(ip6str), 16);