Overview

File elilo-fix-possible-overflow.diff of Package elilo

From: Bernhard Walle <bwalle@suse.de>
Subject: [PATCH] Fix possible array length overflow
References: 256676

Found by dan.yeisley@unisys.com.


Signed-off-by: Bernhard Walle <bwalle@suse.de>

---
 choosers/simple.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/choosers/simple.c
+++ b/choosers/simple.c
@@ -283,8 +283,10 @@ restart:
 	}
 
 	if (elilo_opt.prompt) {
-		ret = select_kernel(buffer, sizeof(buffer));
+		ret = select_kernel(buffer, CMDLINE_MAXLEN);
 		if (ret == -1) return -1;
+
+		/* this function takes really the number of bytes ... */
 		argc    = argify(buffer,sizeof(buffer), argv); 
 		index   = 0;
 	}
openSUSE Build Service is sponsored by
Places