pxe: Ensure we don't overflow bootargs

On a couple of platforms I've tripped over long PXE append lines overflowing this array, due to having CONFIG_SYS_CBSIZE == 256. When doing preseeded Debian installs it's pretty trivial to exceed that. Since the symptom can be a silent hang or a crash add a check. Of course the affected boards would also need an increased CBSIZE to actually work. Note that due to the printing of the final bootargs string CONFIG_SYS_PBSIZE also needs to be sufficiently large. Signed-off-by: N Ian Campbell <ian.campbell@citrix.com> [trini: Use %zd not %d in printf for all args] Signed-off-by: N Tom Rini <trini@ti.com>

pxe: Ensure we don't overflow bootargs
On a couple of platforms I've tripped over long PXE append lines overflowing this array, due to having CONFIG_SYS_CBSIZE == 256. When doing preseeded Debian installs it's pretty trivial to exceed that. Since the symptom can be a silent hang or a crash add a check. Of course the affected boards would also need an increased CBSIZE to actually work. Note that due to the printing of the final bootargs string CONFIG_SYS_PBSIZE also needs to be sufficiently large. Signed-off-by: N Ian Campbell <ian.campbell@citrix.com> [trini: Use %zd not %d in printf for all args] Signed-off-by: N Tom Rini <trini@ti.com>
64a0c247 · Ian Campbell · Tom Rini · f885b849 · 64a0c247
隐藏空白更改
内联并排

Showing with 9 addition and 0 deletion

common/cmd_pxe.c common/cmd_pxe.c +9 -0

未找到文件。
--- a/common/cmd_pxe.c
+++ b/common/cmd_pxe.c
@@ -674,6 +674,15 @@ static int label_boot(cmd_tbl_t *cmdtp, struct pxe_label *label)
 		char bootargs[CONFIG_SYS_CBSIZE] = "";
 		char finalbootargs[CONFIG_SYS_CBSIZE];

+		if (strlen(label->append ?: "") +
+		    strlen(ip_str) + strlen(mac_str) + 1 > sizeof(bootargs)) {
+			printf("bootarg overflow %zd+%zd+%zd+1 > %zd\n",
+			       strlen(label->append ?: ""),
+			       strlen(ip_str), strlen(mac_str),
+			       sizeof(bootargs));
+			return 1;
+		}
+
 		if (label->append)
 			strcpy(bootargs, label->append);
 		strcat(bootargs, ip_str);