summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIan Campbell <ian.campbell@citrix.com>2014-10-03 14:29:01 +0100
committerTom Rini <trini@ti.com>2014-10-10 09:44:21 -0400
commit64a0c24726530696bf0c2cdaa75d171d957a7ee0 (patch)
treec4d2f6e83d2452c6536760a1ee95b326b795147d
parentf885b849681ce0f15c2df313f38ae06a601be506 (diff)
downloadu-boot-imx-64a0c24726530696bf0c2cdaa75d171d957a7ee0.zip
u-boot-imx-64a0c24726530696bf0c2cdaa75d171d957a7ee0.tar.gz
u-boot-imx-64a0c24726530696bf0c2cdaa75d171d957a7ee0.tar.bz2
pxe: Ensure we don't overflow bootargs
On a couple of platforms I've tripped over long PXE append lines overflowing this array, due to having CONFIG_SYS_CBSIZE == 256. When doing preseeded Debian installs it's pretty trivial to exceed that. Since the symptom can be a silent hang or a crash add a check. Of course the affected boards would also need an increased CBSIZE to actually work. Note that due to the printing of the final bootargs string CONFIG_SYS_PBSIZE also needs to be sufficiently large. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> [trini: Use %zd not %d in printf for all args] Signed-off-by: Tom Rini <trini@ti.com>
-rw-r--r--common/cmd_pxe.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/common/cmd_pxe.c b/common/cmd_pxe.c
index 0ab1e0a..7e32c95 100644
--- a/common/cmd_pxe.c
+++ b/common/cmd_pxe.c
@@ -674,6 +674,15 @@ static int label_boot(cmd_tbl_t *cmdtp, struct pxe_label *label)
char bootargs[CONFIG_SYS_CBSIZE] = "";
char finalbootargs[CONFIG_SYS_CBSIZE];
+ if (strlen(label->append ?: "") +
+ strlen(ip_str) + strlen(mac_str) + 1 > sizeof(bootargs)) {
+ printf("bootarg overflow %zd+%zd+%zd+1 > %zd\n",
+ strlen(label->append ?: ""),
+ strlen(ip_str), strlen(mac_str),
+ sizeof(bootargs));
+ return 1;
+ }
+
if (label->append)
strcpy(bootargs, label->append);
strcat(bootargs, ip_str);