upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix a potential stack buffer overflow on systems whose ACPI OEMID

Browse source 
fills its field (6 characters).  In that case the OEMID is not
null-terminated, and the sprintf that was used would copy up to the
next null byte, which could be pretty far away.
This commit is contained in:
John Polstra 2004-05-14 01:29:21 +00:00
parent fc0c46e313
commit 15a3ddef19
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/boot/i386/libi386/biosacpi.c
View file

@ -66,8 +66,8 @@ biosacpi_detect(void)
revision = 1;
sprintf(buf, "%d", revision);
setenv("hint.acpi.0.revision", buf, 1);
sprintf(buf, "%6s", rsdp->OemId);
buf[6] = '\0';
strncpy(buf, rsdp->OemId, sizeof(rsdp->OemId));
buf[sizeof(rsdp->OemId)] = '\0';
setenv("hint.acpi.0.oem", buf, 1);
sprintf(buf, "0x%08x", rsdp->RsdtPhysicalAddress);
setenv("hint.acpi.0.rsdt", buf, 1);