multiboot: Limit number of multiboot modules

Add size checks to avoid overwriting the multiboot structure when too many modules are loaded. Patchworks-ID: 35700 Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-11 15:48:41 +02:00 · 2009-10-11 15:48:41 +02:00 · bf854d65a5
parent 3f3d583efd
commit bf854d65a5
1 changed files with 8 additions and 1 deletions
--- a/hw/pc.c
+++ b/hw/pc.c
@ -702,6 +702,10 @@ static int load_multiboot(void *fw_cfg,
        int mb_mod_count = 0;

        do {
+            if (mb_mod_info + 16 > mb_mod_cmdline) {
+                printf("WARNING: Too many modules loaded, aborting.\n");
+                break;
+            }
            next_initrd = strchr(initrd_filename, ',');
            if (next_initrd)
                *next_initrd = '\0';
@ -712,8 +716,11 @@ static int load_multiboot(void *fw_cfg,
                    initrd_filename);
            stl_p(bootinfo + mb_mod_info + 8, mb_bootinfo + mb_mod_cmdline); /* string */
            mb_mod_cmdline += strlen(initrd_filename) + 1;
-            if (mb_mod_cmdline > sizeof(bootinfo))
+            if (mb_mod_cmdline > sizeof(bootinfo)) {
                mb_mod_cmdline = sizeof(bootinfo);
+                printf("WARNING: Too many module cmdlines loaded, aborting.\n");
+                break;
+            }
            if ((next_space = strchr(initrd_filename, ' ')))
                *next_space = '\0';
 #ifdef DEBUG_MULTIBOOT