cmd_pxe.c

Forked from Reform / reform-boundary-uboot
Source project has a limited visibility.
    Prevent null pointer dereference originating in cmd_pxe.c · 0e3f3f8a
    Steven Falco authored
    
    Pass a valid cmdtp into do_tftpb(), do_ext2load(), and do_get_fat(), to
    avoid possible crashes due to null pointer dereferencing.
    
    Commit d7884e04 does not go far enough.
    There is still at least one call chain that can result in a crash.
    
    The do_tftpb(), do_ext2load(), and do_get_fat() functions expect a valid
    cmdtp.  Passing in NULL is particularly bad in the do_tftpb() case,
    because eventually boot_get_kernel() will be called with a NULL cmdtp:
    
    do_tftpb() -> netboot_common() -> bootm_maybe_autostart() -> do_bootm()
    -> do_bootm_states() -> bootm_find_os() -> boot_get_kernel()
    
    Around line 991 in cmd_bootm.c, boot_get_kernel() will dereference the
    null pointer, and the board will crash.
    
    Signed-off-by: Steven A. Falco <stevenfalco@gmail.com>
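
The call chain in the commit message above, reduced to a stand-alone C model. This is an added example, not code from cmd_pxe.c or U-Boot: the struct, the function names and the message text are hypothetical, and the model assumes the dereference is a read of the command name on an error path.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for U-Boot's command table entry; only the name matters here. */
struct cmd_tbl { const char *name; };

/* End of the chain. Assumption of this model: the dereference is a read of
 * cmdtp->name on an error path, so a NULL cmdtp faults only for a bad image. */
static int model_get_kernel(const struct cmd_tbl *cmdtp, int image_ok,
                            char *msg, size_t len)
{
    if (image_ok)
        return 0;
    snprintf(msg, len, "bad image for %s command", cmdtp->name);
    return -1;
}

/* Intermediate layers forward cmdtp untouched, so nothing between the
 * caller and the dereference gets a chance to notice it is NULL. */
static int model_tftpb(const struct cmd_tbl *cmdtp, int image_ok,
                       char *msg, size_t len)
{
    return model_get_kernel(cmdtp, image_ok, msg, len);
}

/* Before: the caller drops its own cmdtp and passes NULL down the chain. */
int pxe_fetch_before(const struct cmd_tbl *cmdtp, int image_ok,
                     char *msg, size_t len)
{
    (void)cmdtp;
    return model_tftpb(NULL, image_ok, msg, len);
}

/* After: the caller forwards the cmdtp it was invoked with. */
int pxe_fetch_after(const struct cmd_tbl *cmdtp, int image_ok,
                    char *msg, size_t len)
{
    return model_tftpb(cmdtp, image_ok, msg, len);
}

int main(void)
{
    const struct cmd_tbl pxe = { "pxe" };   /* constructed sample entry */
    char msg[64] = "";
    /* Good image: the NULL is never read, so testing does not expose it. */
    printf("before, good image: %d\n", pxe_fetch_before(&pxe, 1, msg, sizeof msg));
    printf("after, bad image: %d (%s)\n", pxe_fetch_after(&pxe, 0, msg, sizeof msg), msg);
    return strcmp(msg, "bad image for pxe command") != 0;
}
```

In this model the "before" caller passes every good-image test, which is why a NULL handed down a long chain can survive until a malformed or unexpected image reaches the board.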