This is the mail archive of the ecos-discuss@sources.redhat.com mailing list for the eCos project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

RedBoot: bootp buffer overrun -- patch attached

To: ecos-discuss at sources dot redhat dot com
Subject: [ECOS] RedBoot: bootp buffer overrun -- patch attached
From: Grant Edwards <grante at visi dot com>
Date: Thu, 15 Mar 2001 10:05:21 -0600


I ran into a buffer overrun error when a bootp server returned
a bootp packet bigger than the bootp_header_t struct. A patch
against current CVS code is attached.

-- 
Grant Edwards
grante@visi.com

Index: bootp.c
===================================================================
RCS file: /cvs/ecos/ecos/packages/redboot/current/src/net/bootp.c,v
retrieving revision 1.2
diff -U5 -r1.2 bootp.c
--- bootp.c	2001/02/13 01:23:39	1.2
+++ bootp.c	2001/03/15 15:59:30
@@ -61,10 +61,12 @@
 {
     bootp_header_t *b;
 
     b = (bootp_header_t *)buf;
     if (bp_info) {
+        if (len > sizeof *bp_info)
+           len = sizeof *bp_info;
         memcpy(bp_info, b, len);
     }
 
     if (b->bp_op == BOOTREPLY && 
 	!memcmp(b->bp_chaddr, __local_enet_addr, 6)) {

Follow-Ups:
- RE: RedBoot: bootp buffer overrun -- patch attached
  - From: Gary Thomas

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]