From a026a27f0450a66d86df2d88152c61c4e425c493 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Mon, 23 Apr 2012 22:42:10 +0100
Subject: [script] Avoid using stack-allocated memory in process_line()

Script lines can be arbitrarily long; allocate on the heap rather than
on the stack.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/image/script.c | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

(limited to 'src/image')

diff --git a/src/image/script.c b/src/image/script.c
index 460fbf03..b032d18f 100644
--- a/src/image/script.c
+++ b/src/image/script.c
@@ -58,6 +58,7 @@ static int process_script ( struct image *image,
 			    int ( * terminate ) ( int rc ) ) {
 	off_t eol;
 	size_t len;
+	char *line;
 	int rc;
 
 	script_offset = 0;
@@ -71,23 +72,23 @@ static int process_script ( struct image *image,
 			eol = image->len;
 		len = ( eol - script_offset );
 
-		/* Copy line, terminate with NUL, and execute command */
-		{
-			char cmdbuf[ len + 1 ];
+		/* Allocate buffer for line */
+		line = zalloc ( len + 1 /* NUL */ );
+		if ( ! line )
+			return -ENOMEM;
 
-			copy_from_user ( cmdbuf, image->data,
-					 script_offset, len );
-			cmdbuf[len] = '\0';
-			DBG ( "$ %s\n", cmdbuf );
+		/* Copy line */
+		copy_from_user ( line, image->data, script_offset, len );
+		DBG ( "$ %s\n", line );
 
-			/* Move to next line */
-			script_offset += ( len + 1 );
+		/* Move to next line */
+		script_offset += ( len + 1 );
 
-			/* Process line */
-			rc = process_line ( cmdbuf );
-			if ( terminate ( rc ) )
-				return rc;
-		}
+		/* Process and free line */
+		rc = process_line ( line );
+		free ( line );
+		if ( terminate ( rc ) )
+			return rc;
 
 	} while ( script_offset < image->len );
 
-- 
cgit v1.2.3-55-g7522