[syslinux:pathbased] pxe: don't allow URL parsing to produce zero bytes; retune

syslinux-bot for H. Peter Anvin hpa at zytor.com
Mon Mar 1 09:03:02 PST 2010


Commit-ID:  db072f4138113be37bfa806b56d1e8bcc9d91cf8
Gitweb:     http://syslinux.zytor.com/commit/db072f4138113be37bfa806b56d1e8bcc9d91cf8
Author:     H. Peter Anvin <hpa at zytor.com>
AuthorDate: Mon, 1 Mar 2010 09:01:27 -0800
Committer:  H. Peter Anvin <hpa at zytor.com>
CommitDate: Mon, 1 Mar 2010 09:01:27 -0800

pxe: don't allow URL parsing to produce zero bytes; retune

Don't allow URL escapes to produce zero bytes (%00).  Also, assume
TFTP URLs are going to be less common than "plain" filenames, so defer
the type testing until we know it's a URL.

Signed-off-by: H. Peter Anvin <hpa at zytor.com>


---
 core/fs/pxe/pxe.c |   29 +++++++++++++++++++++--------
 1 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/core/fs/pxe/pxe.c b/core/fs/pxe/pxe.c
index 292e27d..a71bbd7 100644
--- a/core/fs/pxe/pxe.c
+++ b/core/fs/pxe/pxe.c
@@ -165,6 +165,18 @@ static void uchexbytes(char *dst, const void *src, int count)
 }
 
 /*
+ * Parse a single hexadecimal byte, which must be complete (two
+ * digits).  This is used in URL parsing.
+ */
+static int hexbyte(const char *p)
+{
+    if (!is_hex(p[0]) || !is_hex(p[1]))
+	return -1;
+    else
+	return (hexval(p[0]) << 4) + hexval(p[1]);
+}
+
+/*
  * Tests an IP address in _ip_ for validity; return with 0 for bad, 1 for good.
  * We used to refuse class E, but class E addresses are likely to become
  * assignable unicast addresses in the near future.
@@ -372,9 +384,6 @@ static enum pxe_path_type pxe_path_type(const char *str)
 {
     const char *p;
     
-    if (strncasecmp(str, "tftp://", 7))
-	return PXE_URL_TFTP;
-
     p = str;
 
     while (1) {
@@ -385,8 +394,12 @@ static enum pxe_path_type pxe_path_type(const char *str)
 		    return PXE_HOMESERVER;
 		else
 		    return PXE_TFTP;
-	    } else if (p > str && p[1] == '/' && p[2] == '/')
-		return PXE_URL;
+	    } else if (p > str && p[1] == '/' && p[2] == '/') {
+		if (strncasecmp(str, "tftp://", 7))
+		    return PXE_URL_TFTP;
+		else
+		    return PXE_URL;
+	    }
 
 	    /* else fall through */
 	case '/': case '!': case '@': case '#': case '%':
@@ -714,9 +727,9 @@ static void pxe_searchdir(const char *filename, struct file *file)
 	 * 3617); it is to be followed by TFTP modes, which we just ignore.
 	 */
 	while (*np && *np != ';') {
-	    if (*np == '%') {
-		if (is_hex(np[1]) && is_hex(np[2]))
-		    *buf++ = (hexval(np[1]) << 4) + hexval(np[2]);
+	    int v;
+	    if (*np == '%' && (v = hexbyte(np+1)) > 0) {
+		*buf++ = v;
 		np += 3;
 	    } else {
 		*buf++ = *np++;



More information about the Syslinux-commits mailing list