hak5/wifipineapple-openwrt
1
0
Fork 0
mirror of https://github.com/hak5/wifipineapple-openwrt.git synced 2025-10-29 16:57:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

nvram: fix "Segmentation fault" caused by setting memory out of buffer

Browse Source 
Some MTD partitions with NVRAM have content starting in the middle. In
such case offset is set and nvram_header returns pointer to the middle.
It means we have to respect offset when calculating remaining space.

By the way use real MTD partition size (nvram_part_size variable) as we
may want to bump NVRAM_SPACE in the (very near) future.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

Backport of r46251

git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46258 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
Rafał Miłecki
2015-07-08 04:55:04 +00:00
parent e141218026
commit 1cd7850184
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package/utils/nvram/src/nvram.c
View File

@@ -286,11 +286,11 @@ int nvram_commit(nvram_handle_t *h)
/* Clear data area */
ptr = (char *) header + sizeof(nvram_header_t);
memset(ptr, 0xFF, NVRAM_SPACE - sizeof(nvram_header_t));
memset(ptr, 0xFF, nvram_part_size - h->offset - sizeof(nvram_header_t));
memset(&tmp, 0, sizeof(nvram_header_t));
/* Leave space for a double NUL at the end */
end = (char *) header + NVRAM_SPACE - 2;
end = (char *) header + nvram_part_size - h->offset - 2;
/* Write out all tuples */
for (i = 0; i < NVRAM_ARRAYSIZE(h->nvram_hash); i++) {