diff options
| author | H. Peter Anvin <hpa@linux.intel.com> | 2011-04-26 15:23:43 -0700 |
|---|---|---|
| committer | H. Peter Anvin <hpa@linux.intel.com> | 2011-04-26 15:23:43 -0700 |
| commit | 99e8e9b8043bc723486f5da22ceb640e2a340457 (patch) | |
| tree | 6fe7e071d012945b0f7ab274b56ab5fb29a66409 | |
| parent | 0490e0b2d21fc76267d963115dae474a90b77de5 (diff) | |
| download | syslinux-99e8e9b8043bc723486f5da22ceb640e2a340457.tar.gz | |
pxe, http: correct the header overflow test
sizeof header_buf isn't very useful when that's an actual pointer...
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
| -rw-r--r-- | core/fs/pxe/http.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/core/fs/pxe/http.c b/core/fs/pxe/http.c index d98cc4ac..c7613bb6 100644 --- a/core/fs/pxe/http.c +++ b/core/fs/pxe/http.c @@ -185,6 +185,7 @@ void http_open(struct url_info *url, struct inode *inode, const char **redir) addr.addr = url->ip; if (!url->port) url->port = HTTP_PORT; + err = netconn_connect(socket->conn, &addr, url->port); if (err) { printf("netconn_connect error %d\n", err); @@ -194,7 +195,7 @@ void http_open(struct url_info *url, struct inode *inode, const char **redir) strcpy(header_buf, "GET /"); header_bytes = 5; header_bytes += url_escape_unsafe(header_buf+5, url->path, - sizeof header_buf - 5); + sizeof header_buf - 5); if (header_bytes > header_len) goto fail; /* Buffer overflow */ header_bytes += snprintf(header_buf + header_bytes, @@ -206,7 +207,7 @@ void http_open(struct url_info *url, struct inode *inode, const char **redir) "%s" "\r\n", url->host, cookie_buf ? cookie_buf : ""); - if (header_bytes > sizeof header_buf) + if (header_bytes > header_len) goto fail; /* Buffer overflow */ err = netconn_write(socket->conn, header_buf, |