Overview

File elilo-fix-possible-overflow.diff of Package elilo

From: Bernhard Walle <bwalle@suse.de>
Subject: [PATCH] Fix possible array length overflow
References: bnc#256676

Found by dan.yeisley@unisys.com.


Signed-off-by: Bernhard Walle <bwalle@suse.de>

---
 choosers/simple.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/choosers/simple.c
+++ b/choosers/simple.c
@@ -290,8 +290,9 @@ restart:
 
 	if (elilo_opt.prompt) {
 		console_textmode();
-		ret = select_kernel(buffer, sizeof(buffer));
+		ret = select_kernel(buffer, CMDLINE_MAXLEN);
 		if (ret == -1) return -1;
+		/* this function takes really the number of bytes ... */
 		argc    = argify(buffer,sizeof(buffer), argv); 
 		index   = 0;
 	}
openSUSE Build Service is sponsored by
Places