Felipe Pena
2013-Sep-24 01:05 UTC
[syslinux] [PATCH 1/1] gpxe: fix possible null pointer dereference
Possibly authority variable (initialized with NULL) might be dereferenced when an arbitrary path (without "//" on it) is supplied to parse_uri() function Signed-off-by: Felipe Pena <felipensp at gmail.com> --- gpxe/src/core/uri.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gpxe/src/core/uri.c b/gpxe/src/core/uri.c index 6a1f2e5..4987821 100644 --- a/gpxe/src/core/uri.c +++ b/gpxe/src/core/uri.c @@ -151,7 +151,7 @@ struct uri * parse_uri ( const char *uri_string ) { } /* Split authority into user[:password] and host[:port] portions */ - if ( ( tmp = strchr ( authority, '@' ) ) ) { + if ( authority != NULL && ( tmp = strchr ( authority, '@' ) ) ) { /* Has user[:password] */ *(tmp++) = '\0'; uri->host = tmp; -- 1.7.10.4
Leandro Dorileo
2013-Oct-06 04:22 UTC
[syslinux] [PATCH 1/1] gpxe: fix possible null pointer dereference
On Sep 23, 2013 10:06 PM, "Felipe Pena" <felipensp at gmail.com> wrote:> > Possibly authority variable (initialized with NULL) might be dereferencedwhen> an arbitrary path (without "//" on it) is supplied to parse_uri() function > > Signed-off-by: Felipe Pena <felipensp at gmail.com> > --- > gpxe/src/core/uri.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/gpxe/src/core/uri.c b/gpxe/src/core/uri.c > index 6a1f2e5..4987821 100644 > --- a/gpxe/src/core/uri.c > +++ b/gpxe/src/core/uri.c > @@ -151,7 +151,7 @@ struct uri * parse_uri ( const char *uri_string ) { > } > > /* Split authority into user[:password] and host[:port] portions*/> - if ( ( tmp = strchr ( authority, '@' ) ) ) { > + if ( authority != NULL && ( tmp = strchr ( authority, '@' ) ) ) {I don't know the source code but I'm wondering if a null authority should ever reach here.> /* Has user[:password] */ > *(tmp++) = '\0'; > uri->host = tmp; > -- > 1.7.10.4 > > _______________________________________________ > Syslinux mailing list > Submissions to Syslinux at zytor.com > Unsubscribe or set options at: > http://www.zytor.com/mailman/listinfo/syslinux > Please do not send private replies to mailing list traffic. >
Felipe Pena
2013-Oct-06 13:49 UTC
[syslinux] [PATCH 1/1] gpxe: fix possible null pointer dereference
Hi, On Sun, Oct 6, 2013 at 1:22 AM, Leandro Dorileo <l at dorileo.org> wrote:> On Sep 23, 2013 10:06 PM, "Felipe Pena" <felipensp at gmail.com> wrote: >> >> Possibly authority variable (initialized with NULL) might be dereferenced > when >> an arbitrary path (without "//" on it) is supplied to parse_uri() function >> >> Signed-off-by: Felipe Pena <felipensp at gmail.com> >> --- >> gpxe/src/core/uri.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/gpxe/src/core/uri.c b/gpxe/src/core/uri.c >> index 6a1f2e5..4987821 100644 >> --- a/gpxe/src/core/uri.c >> +++ b/gpxe/src/core/uri.c >> @@ -151,7 +151,7 @@ struct uri * parse_uri ( const char *uri_string ) { >> } >> >> /* Split authority into user[:password] and host[:port] portions > */ >> - if ( ( tmp = strchr ( authority, '@' ) ) ) { >> + if ( authority != NULL && ( tmp = strchr ( authority, '@' ) ) ) { > > I don't know the source code but I'm wondering if a null authority should > ever reach here. >If the supplied path doesn't contains a "//" on it, this code fragment will work with a null authority there. It was just my assumption that some usage of this function could to be flawed about this.>> /* Has user[:password] */ >> *(tmp++) = '\0'; >> uri->host = tmp; >> -- >> 1.7.10.4 >> >> _______________________________________________ >> Syslinux mailing list >> Submissions to Syslinux at zytor.com >> Unsubscribe or set options at: >> http://www.zytor.com/mailman/listinfo/syslinux >> Please do not send private replies to mailing list traffic. >> > _______________________________________________ > Syslinux mailing list > Submissions to Syslinux at zytor.com > Unsubscribe or set options at: > http://www.zytor.com/mailman/listinfo/syslinux > Please do not send private replies to mailing list traffic. >-- Regards, Felipe Pena
H. Peter Anvin
2013-Oct-07 22:43 UTC
[syslinux] [PATCH 1/1] gpxe: fix possible null pointer dereference
On 09/23/2013 06:05 PM, Felipe Pena wrote:> Possibly authority variable (initialized with NULL) might be dereferenced when > an arbitrary path (without "//" on it) is supplied to parse_uri() function > > Signed-off-by: Felipe Pena <felipensp at gmail.com> > --- > gpxe/src/core/uri.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) >We should kill the included gpxe and either replace it with ipxe or just remove it entirely. -hpa
Georgi Georgiev
2013-Oct-08 11:16 UTC
[syslinux] [PATCH 1/1] gpxe: fix possible null pointer dereference
?????????, ???????? ?, ?? ??????? (212.122.187.225) ???? ????? ? ???????? DNS ? # host 212.122.187.225 Host 225.187.122.212.in-addr.arpa. not found: 3(NXDOMAIN) ????, ????????? ????? ( ??? ?????? ????????? ?? ???????? ??? ???? ? ??? ???? ) ? ??????????? ?? ?????? ???????? ?? ????????? ?? .. ????????, ?????? ???????? -----Original Message----- From: syslinux-bounces at zytor.com [mailto:syslinux-bounces at zytor.com] On Behalf Of H. Peter Anvin Sent: Tuesday, October 08, 2013 1:44 AM To: syslinux at zytor.com Subject: Re: [syslinux] [PATCH 1/1] gpxe: fix possible null pointer dereference On 09/23/2013 06:05 PM, Felipe Pena wrote:> Possibly authority variable (initialized with NULL) might be > dereferenced when an arbitrary path (without "//" on it) is supplied > to parse_uri() function > > Signed-off-by: Felipe Pena <felipensp at gmail.com> > --- > gpxe/src/core/uri.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) >We should kill the included gpxe and either replace it with ipxe or just remove it entirely. -hpa _______________________________________________ Syslinux mailing list Submissions to Syslinux at zytor.com Unsubscribe or set options at: http://www.zytor.com/mailman/listinfo/syslinux Please do not send private replies to mailing list traffic. ----- No virus found in this message. Checked by AVG - www.avg.com Version: 2012.0.2242 / Virus Database: 3222/6229 - Release Date: 10/07/13
Reasonably Related Threads
- [PATCH 1/1] gpxe: fix possible null pointer dereference
- [PATCH 1/1] gpxe: fix possible null pointer dereference
- [PATCH 1/1] com32: hdt: fix memory leak
- Syslinux 3.70pre9 - sanboot.c32 says: gPXE API not detected'
- Xen4CentOS: Unnecessary gpxe / ipxe obsoletes