[v1.2.x] discover/platform-powerpc: Reject bootdevs with empty UUIDs
diff mbox

Message ID 20161122015529.24732-1-sam@mendozajonas.com
State Accepted
Headers show

Commit Message

Samuel Mendoza-Jonas Nov. 22, 2016, 1:55 a.m. UTC
If a "uuid:" label is set in the petitboot,bootdevs or petitboot,bootdev
parameters without a matching UUID, the UUID is unintentionally accepted
and set to NULL. This can cause a segfault in nc-config when device
UUIDs are compared against the autoboot option. Instead treat options
like this as malformed.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
---
 discover/platform-powerpc.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

Patch
diff mbox

diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c
index 8fca5bd..e253dd6 100644
--- a/discover/platform-powerpc.c
+++ b/discover/platform-powerpc.c
@@ -412,11 +412,9 @@  static int read_bootdev(void *ctx, char **pos, struct autoboot_option *opt)
 	if (!strncmp(*pos, "uuid:", strlen("uuid:"))) {
 		prefix = strlen("uuid:");
 		opt->boot_type = BOOT_DEVICE_UUID;
-		rc = 0;
 	} else if (!strncmp(*pos, "mac:", strlen("mac:"))) {
 		prefix = strlen("mac:");
 		opt->boot_type = BOOT_DEVICE_UUID;
-		rc = 0;
 	} else {
 		type = find_device_type(*pos);
 		if (type != DEVICE_TYPE_UNKNOWN) {
@@ -430,9 +428,12 @@  static int read_bootdev(void *ctx, char **pos, struct autoboot_option *opt)
 		if (delim)
 			len = (int)(delim - *pos) - prefix;
 		else
-			len = strlen(*pos);
+			len = strlen(*pos) - prefix;
 
-		opt->uuid = talloc_strndup(ctx, *pos + prefix, len);
+		if (len) {
+			opt->uuid = talloc_strndup(ctx, *pos + prefix, len);
+			rc = 0;
+		}
 	}
 
 	/* Always advance pointer to next option or end */
@@ -452,17 +453,19 @@  static void populate_bootdev_config(struct platform_powerpc *platform,
 	unsigned int n_new = 0;
 	const char *val;
 	bool conflict;
+	size_t len = 0;
 
 	/* Check for old-style bootdev */
 	val = get_param(platform, "petitboot,bootdev");
 	if (val && strlen(val)) {
 		pos = talloc_strdup(config, val);
 		if (!strncmp(val, "uuid:", strlen("uuid:")))
-			old_dev = talloc_strdup(config,
-						val + strlen("uuid:"));
+			len = strlen("uuid:");
 		else if (!strncmp(val, "mac:", strlen("mac:")))
-			old_dev = talloc_strdup(config,
-						val + strlen("mac:"));
+			len = strlen("mac:");
+		/* Make sure someone hasn't set a blank UUID */
+		if (len && *(val + len) != '\0')
+			old_dev = talloc_strdup(config, val + len);
 	}
 
 	/* Check for ordered bootdevs */