From owner-svn-src-all@FreeBSD.ORG Thu Oct 9 01:54:33 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 720A59D4; Thu, 9 Oct 2014 01:54:33 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5E3BFDA4; Thu, 9 Oct 2014 01:54:33 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s991sX9D051446; Thu, 9 Oct 2014 01:54:33 GMT (envelope-from marcel@FreeBSD.org) Received: (from marcel@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s991sXmN051445; Thu, 9 Oct 2014 01:54:33 GMT (envelope-from marcel@FreeBSD.org) Message-Id: <201410090154.s991sXmN051445@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: marcel set sender to marcel@FreeBSD.org using -f From: Marcel Moolenaar Date: Thu, 9 Oct 2014 01:54:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r272785 - head/sys/boot/i386/gptboot X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Oct 2014 01:54:33 -0000 Author: marcel Date: Thu Oct 9 01:54:32 2014 New Revision: 272785 URL: https://svnweb.freebsd.org/changeset/base/272785 Log: Properly NUL-terminate the on-stack buffer for reading /boot.config or /boot/config. In qemu, on a warm boot, the stack is not all zeroes and we parse beyond the file's contents. Obtained from: Juniper Networks, Inc. Modified: head/sys/boot/i386/gptboot/gptboot.c Modified: head/sys/boot/i386/gptboot/gptboot.c ============================================================================== --- head/sys/boot/i386/gptboot/gptboot.c Thu Oct 9 01:53:23 2014 (r272784) +++ head/sys/boot/i386/gptboot/gptboot.c Thu Oct 9 01:54:32 2014 (r272785) @@ -136,6 +136,7 @@ int main(void) { char cmd[512], cmdtmp[512]; + ssize_t sz; int autoboot, dskupdated; ufs_ino_t ino; @@ -164,9 +165,10 @@ main(void) for (;;) { *kname = '\0'; if ((ino = lookup(PATH_CONFIG)) || - (ino = lookup(PATH_DOTCONFIG))) - fsread(ino, cmd, sizeof(cmd)); - + (ino = lookup(PATH_DOTCONFIG))) { + sz = fsread(ino, cmd, sizeof(cmd) - 1); + cmd[(sz < 0) ? 0 : sz] = '\0'; + } if (*cmd != '\0') { memcpy(cmdtmp, cmd, sizeof(cmdtmp)); if (parse(cmdtmp, &dskupdated))