[settings] Handle errors in fetchf_uristring()
author Michael Brown <mcb30@etherboot.org>
Thu, 12 Feb 2009 09:16:53 +0000 (09:16 +0000)
committer Michael Brown <mcb30@etherboot.org>
Thu, 12 Feb 2009 09:16:53 +0000 (09:16 +0000)
fetchf_uristring() was failing to handle error values from
fetch_setting(), resulting in its attempting to allocate extremely
large temporary buffers on the stack (and so overrunning the stack and
locking up the machine).

Problem reported by Shao Miller <Shao.Miller@yrdsb.edu.on.ca>.

src/core/settings.c

index 2c886fd..29e56b3 100644
@@ -825,12 +825,15 @@ static int storef_uristring ( struct settings *settings,
 static int fetchf_uristring ( struct settings *settings,
                              struct setting *setting,
                              char *buf, size_t len ) {
-       size_t raw_len;
+       ssize_t raw_len;
 
        /* We need to always retrieve the full raw string to know the
         * length of the encoded string.
         */
        raw_len = fetch_setting ( settings, setting, NULL, 0 );
+       if ( raw_len < 0 )
+               return raw_len;
+
        {
                char raw_buf[ raw_len + 1 ];
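Review bot: the variable-length array `char raw_buf[ raw_len + 1 ]` in the trailing context is still sized straight from the fetch_setting() return value; the new `if ( raw_len < 0 )` check rejects only error codes, so a large but valid setting length still produces an equally large stack allocation. Consider rejecting lengths above a fixed maximum before the block, or allocating the temporary buffer on the heap and returning an error if that allocation fails. Separately, `return raw_len;` passes an ssize_t out of a function declared to return int; an explicit cast or an int-typed local for the error code would make the narrowing deliberate.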