[settings] Handle errors in fetchf_uristring()

fetchf_uristring() was failing to handle error values from fetch_setting(), resulting in its attempting to allocate extremely large temporary buffers on the stack (and so overrunning the stack and locking up the machine). Problem reported by Shao Miller <Shao.Miller@yrdsb.edu.on.ca>.
author: Michael Brown 2009-02-12 10:16:53 +0100
committer: Michael Brown 2009-02-12 10:16:53 +0100
commit: 4e6b62c94627d1e05aa986f66054df5f841fe53b (patch)
tree: fb4b8e7ef50b599fe98c2e485177b7e050b85893 /src
parent: [tls] Use our own ASN.1 routines for certificate parsing (diff)
download: ipxe-4e6b62c94627d1e05aa986f66054df5f841fe53b.tar.gz
ipxe-4e6b62c94627d1e05aa986f66054df5f841fe53b.tar.xz
ipxe-4e6b62c94627d1e05aa986f66054df5f841fe53b.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/src/core/settings.c b/src/core/settings.c
index 2c886fdf6..29e56b32c 100644
--- a/src/core/settings.c
+++ b/src/core/settings.c
@@ -825,12 +825,15 @@ static int storef_uristring ( struct settings *settings,
 static int fetchf_uristring ( struct settings *settings,
 			      struct setting *setting,
 			      char *buf, size_t len ) {
-	size_t raw_len;
+	ssize_t raw_len;
 
 	/* We need to always retrieve the full raw string to know the
 	 * length of the encoded string.
 	 */
 	raw_len = fetch_setting ( settings, setting, NULL, 0 );
+	if ( raw_len < 0 )
+		return raw_len;
+
 	{
 		char raw_buf[ raw_len + 1 ];
author	Michael Brown	2009-02-12 10:16:53 +0100
committer	Michael Brown	2009-02-12 10:16:53 +0100
commit	4e6b62c94627d1e05aa986f66054df5f841fe53b (patch)
tree	fb4b8e7ef50b599fe98c2e485177b7e050b85893 /src
parent	[tls] Use our own ASN.1 routines for certificate parsing (diff)
download	ipxe-4e6b62c94627d1e05aa986f66054df5f841fe53b.tar.gz ipxe-4e6b62c94627d1e05aa986f66054df5f841fe53b.tar.xz ipxe-4e6b62c94627d1e05aa986f66054df5f841fe53b.zip