bootboot: Fix potential buffer overflow in bruteforce_kernel() (see #124)
diff --git a/stage23/protos/bootboot/initrd.c b/stage23/protos/bootboot/initrd.c
index efef3387..df547e6e 100644
--- a/stage23/protos/bootboot/initrd.c
+++ b/stage23/protos/bootboot/initrd.c
@@ -7,7 +7,7 @@
#include <lib/blib.h>
struct initrd_file bruteforce_kernel(struct initrd_file file) {
- for (size_t i = 0; i < file.size; i++) {
+ for (size_t i = 0; i < file.size - 19; i++) {
if (memcmp(file.data + i, "\177ELF", 4) == 0
&& file.data[i + 18] == 62 && file.data[i + 19] == 0 /* ehdr->e_machine == EM_X86_64 */) {
printv("bootboot: using bruteforced kernel at initrd offset %X\n", file.data + i);
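Review bot: The new bound `file.size - 19` wraps around when `file.size` is smaller than 19, because `size_t` is unsigned. The condition then holds for almost every `i`, so the `memcmp` and the reads of `file.data[i + 18]` and `file.data[i + 19]` run far past the end of a short or truncated initrd. Writing the bound without a subtraction keeps the intended limit and is safe for any size: `for (size_t i = 0; i + 19 < file.size; i++) {`. Separately, the `printv` call passes `file.data + i` (a pointer) to `%X` although the message says "initrd offset"; passing `i` would match the text, but how the format helper treats pointer arguments is not visible here. The body of bruteforce_kernel() continues outside the hunk.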
