Diffusion FreeBSD src repository - subversion rS304532

loader is filling fixed length command_errbuf with sprintf() and is trusting
rS304532
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

loader is filling fixed length command_errbuf with sprintf() and is trusting
strings provided by user/config files. This update is replacing sprintf with
snprintf for cases the command_errbuf is built from dynamic content.

PR: 211958
Reported by: ecturt@gmail.com
Reviewed by: imp, allanjude
Approved by: imp (mentor), allanjude (mentor)
Differential Revision: https://reviews.freebsd.org/D7563

Details

Provenance

Authored on

Reviewer

Differential Revision

D7563: Bug 211958 - Boot overflows when reading loader.conf

Parents

rS304531: Cleanup some left-over CMakeLists.txt files.

Branches

Unknown

Tags

Unknown

Event Timeline

tsoome committed rS304532: loader is filling fixed length command_errbuf with sprintf() and is trusting.Aug 20 2016, 4:23 PM

Changes (8)

Path

Size

head/

sys/

boot/

common/

efi/

loader/

arch/

amd64/

fdt/

fdt_loader_cmd.c

rS304532

head/sys/boot/common/boot.c

Loading...

head/sys/boot/common/bootstrap.h

Loading...

head/sys/boot/common/commands.c

Loading...

head/sys/boot/common/interp.c

Loading...

head/sys/boot/common/ls.c

Loading...

head/sys/boot/common/module.c

Loading...

head/sys/boot/efi/loader/arch/amd64/framebuffer.c

Loading...

head/sys/boot/fdt/fdt_loader_cmd.c

Loading...