Both the script and PXE images types will claim a zero-length image.
Inhibit this to avoid end-user surprises.
if ( filesz > ( 0xa0000 - 0x7c00 ) )
return -ENOEXEC;
+ /* Rejecting zero-length images is also useful, since these
+ * end up looking to the user like bugs in gPXE.
+ */
+ if ( ! filesz )
+ return -ENOEXEC;
+
/* There are no signature checks for PXE; we will accept anything */
if ( ! image->type )
image->type = &pxe_image_type;
static const char magic[] = "#!gpxe\n";
char test[ sizeof ( magic ) - 1 ];
+ /* Sanity check */
+ if ( image->len < sizeof ( test ) ) {
+ DBG ( "Too short to be a script\n" );
+ return -ENOEXEC;
+ }
+
/* Check for magic signature */
copy_from_user ( test, image->data, 0, sizeof ( test ) );
if ( memcmp ( test, magic, sizeof ( test ) ) != 0 ) {