2008-07-31 21:25:56 +02:00
|
|
|
From: Bernhard Walle <bwalle@suse.de>
|
|
|
|
|
Subject: [PATCH] Fix possible array length overflow
|
2010-12-20 13:48:05 +01:00
|
|
|
References: bnc#256676
|
2008-07-31 21:25:56 +02:00
|
|
|
|
|
|
|
|
Found by dan.yeisley@unisys.com.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Bernhard Walle <bwalle@suse.de>
|
|
|
|
|
|
|
|
|
|
---
|
2010-12-20 13:48:05 +01:00
|
|
|
choosers/simple.c | 3 ++-
|
|
|
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
2008-07-31 21:25:56 +02:00
|
|
|
|
|
|
|
|
--- a/choosers/simple.c
|
|
|
|
|
+++ b/choosers/simple.c
|
2010-12-20 13:48:05 +01:00
|
|
|
@@ -290,8 +290,9 @@ restart:
|
2008-07-31 21:25:56 +02:00
|
|
|
|
|
|
|
|
if (elilo_opt.prompt) {
|
2010-12-20 13:48:05 +01:00
|
|
|
console_textmode();
|
2008-07-31 21:25:56 +02:00
|
|
|
- ret = select_kernel(buffer, sizeof(buffer));
|
|
|
|
|
+ ret = select_kernel(buffer, CMDLINE_MAXLEN);
|
|
|
|
|
if (ret == -1) return -1;
|
|
|
|
|
+ /* this function takes really the number of bytes ... */
|
|
|
|
|
argc = argify(buffer,sizeof(buffer), argv);
|
|
|
|
|
index = 0;
|
|
|
|
|
}
|
