[syslinux:lwip] pxe, http: simplify cookie generation, fix boundary conditions

syslinux-bot for H. Peter Anvin hpa at linux.intel.com
Tue Apr 26 17:42:03 PDT 2011 

Commit-ID:  d5cf286f02295c76978f365b9f5d6b848e6c8d4c
Gitweb:     http://syslinux.zytor.com/commit/d5cf286f02295c76978f365b9f5d6b848e6c8d4c
Author:     H. Peter Anvin <hpa at linux.intel.com>
AuthorDate: Tue, 26 Apr 2011 17:37:52 -0700
Committer:  H. Peter Anvin <hpa at linux.intel.com>
CommitDate: Tue, 26 Apr 2011 17:37:52 -0700

pxe, http: simplify cookie generation, fix boundary conditions

Simplify the code to create the cookie header, fix buffer size
boundary conditions.

Signed-off-by: H. Peter Anvin <hpa at linux.intel.com>


---
 core/fs/pxe/http.c |   25 ++++++++++++++++---------
 1 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/core/fs/pxe/http.c b/core/fs/pxe/http.c
index 75b3d3f..a3928ba 100644
--- a/core/fs/pxe/http.c
+++ b/core/fs/pxe/http.c
@@ -59,17 +59,24 @@ static size_t http_do_bake_cookies(char *q)
     size_t n = 0;
     const char *p;
     char c;
-    size_t qlen = q ? -1UL : 0;
     bool first = true;
     uint32_t mask = SendCookies;
 
     for (i = 0; i < SYSAPPEND_MAX; i++) {
 	if ((mask & 1) && (p = sysappend_strings[i])) {
-	    len = snprintf(q, qlen, "%s_Syslinux_", first ? "Cookie: " : "");
-	    if (q)
-		q += len;
-	    n += len;
-	    first = false;
+	    if (first) {
+		if (q) {
+		    strcpy(q, "Cookie: ");
+		    q += 8;
+		}
+		n += 8;
+		first = false;
+	    }
+	    if (q) {
+		strcpy(q, "_Syslinux_");
+		q += 10;
+	    }
+	    n += 10;
 	    /* Copy string up to and including '=' */
 	    do {
 		c = *p++;
@@ -195,8 +202,8 @@ void http_open(struct url_info *url, struct inode *inode, const char **redir)
     strcpy(header_buf, "GET /");
     header_bytes = 5;
     header_bytes += url_escape_unsafe(header_buf+5, url->path,
-				      sizeof header_buf - 5);
-    if (header_bytes > header_len)
+				      header_len - 5);
+    if (header_bytes >= header_len)
 	goto fail;		/* Buffer overflow */
     header_bytes += snprintf(header_buf + header_bytes,
 			     header_len - header_bytes,
@@ -207,7 +214,7 @@ void http_open(struct url_info *url, struct inode *inode, const char **redir)
 			     "%s"
 			     "\r\n",
 			     url->host, cookie_buf ? cookie_buf : "");
-    if (header_bytes > header_len)
+    if (header_bytes >= header_len)
 	goto fail;		/* Buffer overflow */
 
     err = netconn_write(socket->conn, header_buf,

More information about the Syslinux-commits mailing list