This is the mail archive of the ecos-discuss@sources.redhat.com mailing list for the eCos project.
RedBoot: bootp buffer overrun -- patch attached
- To: ecos-discuss at sources dot redhat dot com
- Subject: [ECOS] RedBoot: bootp buffer overrun -- patch attached
- From: Grant Edwards <grante at visi dot com>
- Date: Thu, 15 Mar 2001 10:05:21 -0600
I ran into a buffer overrun error when a bootp server returned
a bootp packet bigger than the bootp_header_t struct. A patch
against current CVS code is attached.
--
Grant Edwards
grante@visi.com
Index: bootp.c
===================================================================
RCS file: /cvs/ecos/ecos/packages/redboot/current/src/net/bootp.c,v
retrieving revision 1.2
diff -U5 -r1.2 bootp.c
--- bootp.c 2001/02/13 01:23:39 1.2
+++ bootp.c 2001/03/15 15:59:30
@@ -61,10 +61,12 @@
{
bootp_header_t *b;
b = (bootp_header_t *)buf;
if (bp_info) {
+ if (len > sizeof *bp_info)
+ len = sizeof *bp_info;
memcpy(bp_info, b, len);
}
if (b->bp_op == BOOTREPLY &&
!memcmp(b->bp_chaddr, __local_enet_addr, 6)) {
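Review bot: the added clamp bounds memcpy(bp_info, b, len), but that copy still runs ahead of the b->bp_op == BOOTREPLY and bp_chaddr comparison, so every packet that reaches this handler overwrites bp_info whether or not it is a reply addressed to this station; consider moving the bounded copy inside that if. There is also no lower bound on len: when the packet is shorter than the header, b->bp_op and b->bp_chaddr are read from bytes the packet did not supply, so a minimum-length check before those reads would close the other side of the same problem. A one-line comment noting that oversized replies are truncated to sizeof *bp_info, and that anything past that point is dropped, would document the behaviour for whoever later parses bp_info.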