forked from pool/elilo
28 lines
645 B
Diff
28 lines
645 B
Diff
From: Bernhard Walle <bwalle@suse.de>
|
|
Subject: [PATCH] Fix possible array length overflow
|
|
References: 256676
|
|
|
|
Found by dan.yeisley@unisys.com.
|
|
|
|
|
|
Signed-off-by: Bernhard Walle <bwalle@suse.de>
|
|
|
|
---
|
|
choosers/simple.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
--- a/choosers/simple.c
|
|
+++ b/choosers/simple.c
|
|
@@ -283,8 +283,10 @@ restart:
|
|
}
|
|
|
|
if (elilo_opt.prompt) {
|
|
- ret = select_kernel(buffer, sizeof(buffer));
|
|
+ ret = select_kernel(buffer, CMDLINE_MAXLEN);
|
|
if (ret == -1) return -1;
|
|
+
|
|
+ /* this function takes really the number of bytes ... */
|
|
argc = argify(buffer,sizeof(buffer), argv);
|
|
index = 0;
|
|
}
|