multiboot: Limit number of multiboot modules
Add size checks to avoid overwriting the multiboot structure when too many modules are loaded. Patchworks-ID: 35700 Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This commit is contained in:
parent
3f3d583efd
commit
bf854d65a5
1 changed files with 8 additions and 1 deletions
9
hw/pc.c
9
hw/pc.c
|
@ -702,6 +702,10 @@ static int load_multiboot(void *fw_cfg,
|
||||||
int mb_mod_count = 0;
|
int mb_mod_count = 0;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
|
if (mb_mod_info + 16 > mb_mod_cmdline) {
|
||||||
|
printf("WARNING: Too many modules loaded, aborting.\n");
|
||||||
|
break;
|
||||||
|
}
|
||||||
next_initrd = strchr(initrd_filename, ',');
|
next_initrd = strchr(initrd_filename, ',');
|
||||||
if (next_initrd)
|
if (next_initrd)
|
||||||
*next_initrd = '\0';
|
*next_initrd = '\0';
|
||||||
|
@ -712,8 +716,11 @@ static int load_multiboot(void *fw_cfg,
|
||||||
initrd_filename);
|
initrd_filename);
|
||||||
stl_p(bootinfo + mb_mod_info + 8, mb_bootinfo + mb_mod_cmdline); /* string */
|
stl_p(bootinfo + mb_mod_info + 8, mb_bootinfo + mb_mod_cmdline); /* string */
|
||||||
mb_mod_cmdline += strlen(initrd_filename) + 1;
|
mb_mod_cmdline += strlen(initrd_filename) + 1;
|
||||||
if (mb_mod_cmdline > sizeof(bootinfo))
|
if (mb_mod_cmdline > sizeof(bootinfo)) {
|
||||||
mb_mod_cmdline = sizeof(bootinfo);
|
mb_mod_cmdline = sizeof(bootinfo);
|
||||||
|
printf("WARNING: Too many module cmdlines loaded, aborting.\n");
|
||||||
|
break;
|
||||||
|
}
|
||||||
if ((next_space = strchr(initrd_filename, ' ')))
|
if ((next_space = strchr(initrd_filename, ' ')))
|
||||||
*next_space = '\0';
|
*next_space = '\0';
|
||||||
#ifdef DEBUG_MULTIBOOT
|
#ifdef DEBUG_MULTIBOOT
|
||||||
|
|
Reference in a new issue