[syslinux:lwip] pxe, http: correct the header overflow test
syslinux-bot for H. Peter Anvin
hpa at linux.intel.com
Tue Apr 26 15:30:02 PDT 2011
Commit-ID: 99e8e9b8043bc723486f5da22ceb640e2a340457
Gitweb: http://syslinux.zytor.com/commit/99e8e9b8043bc723486f5da22ceb640e2a340457
Author: H. Peter Anvin <hpa at linux.intel.com>
AuthorDate: Tue, 26 Apr 2011 15:23:43 -0700
Committer: H. Peter Anvin <hpa at linux.intel.com>
CommitDate: Tue, 26 Apr 2011 15:23:43 -0700
pxe, http: correct the header overflow test
sizeof header_buf isn't very useful when that's an actual pointer...
Signed-off-by: H. Peter Anvin <hpa at linux.intel.com>
---
core/fs/pxe/http.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/core/fs/pxe/http.c b/core/fs/pxe/http.c
index d98cc4a..c7613bb 100644
--- a/core/fs/pxe/http.c
+++ b/core/fs/pxe/http.c
@@ -185,6 +185,7 @@ void http_open(struct url_info *url, struct inode *inode, const char **redir)
addr.addr = url->ip;
if (!url->port)
url->port = HTTP_PORT;
+
err = netconn_connect(socket->conn, &addr, url->port);
if (err) {
printf("netconn_connect error %d\n", err);
@@ -194,7 +195,7 @@ void http_open(struct url_info *url, struct inode *inode, const char **redir)
strcpy(header_buf, "GET /");
header_bytes = 5;
header_bytes += url_escape_unsafe(header_buf+5, url->path,
- sizeof header_buf - 5);
+ sizeof header_buf - 5);
if (header_bytes > header_len)
goto fail; /* Buffer overflow */
header_bytes += snprintf(header_buf + header_bytes,
@@ -206,7 +207,7 @@ void http_open(struct url_info *url, struct inode *inode, const char **redir)
"%s"
"\r\n",
url->host, cookie_buf ? cookie_buf : "");
- if (header_bytes > sizeof header_buf)
+ if (header_bytes > header_len)
goto fail; /* Buffer overflow */
err = netconn_write(socket->conn, header_buf,
More information about the Syslinux-commits
mailing list