From bc0e0af007a6c043204862e8d1c4ab70ce5629d2 Mon Sep 17 00:00:00 2001
From: okuji <okuji@localhost>
Date: Wed, 7 Jun 2000 15:35:18 +0000
Subject: [PATCH] eliminate trailing NULs in NVT strings.

---
 ChangeLog      |  9 +++++++++
 netboot/main.c | 35 +++++++++++++++++++++++++++++------
 2 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 997e9f036..0c2d79e66 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2000-06-08  OKUJI Yoshinori  <okuji@gnu.org>
+
+	* netboot/main.c (decode_rfc1533) [GRUB]: Eliminate trailing
+	NULs in the NVT string for a configuration file name, if any.
+	(decode_rfc1533): Likewise, if Extensions Path is present,
+	eliminate the trailing NULs, if any.
+	Also, check the length carefully to ensure that EXTPATH can fit
+	in FNAME.
+	
 2000-06-06  Jochen Hoenicke  <jochen@gnu.org>
 
 	* stage2/fsys_reiserfs.c: Added journaling to reiser.
diff --git a/netboot/main.c b/netboot/main.c
index 135bc3c8d..69de7fc7e 100644
--- a/netboot/main.c
+++ b/netboot/main.c
@@ -976,10 +976,17 @@ decode_rfc1533 (unsigned char *p, int block, int len, int eof)
 #ifdef GRUB
 	  else if (c == RFC1533_VENDOR_CONFIGFILE)
 	    {
-	      grub_memmove (config_file, p + 2, TAG_LEN (p));
-	      
-	      /* FIXME: Is this below really necessary???  */
-	      config_file[TAG_LEN (p)] = 0;
+	      int len = TAG_LEN (p);
+
+	      /* Eliminate the trailing NULs according to RFC 2132.  */
+	      while (*(p + 2 + len - 1) == '\000' && len > 0)
+		len--;
+
+	      /* XXX: Should check if LEN is less than the maximum length
+		 of CONFIG_FILE. This kind of robustness will be a goal
+		 in GRUB 1.0.  */
+	      grub_memmove (config_file, p + 2, len);
+	      config_file[len] = 0;
 	    }
 #else /* ! GRUB */
 
@@ -1027,8 +1034,24 @@ decode_rfc1533 (unsigned char *p, int block, int len, int eof)
       if (block == 0 && extpath != NULL)
 	{
 	  char fname[64];
-	  grub_memmove (fname, extpath + 2, TAG_LEN (extpath));
-	  fname[(int) TAG_LEN (extpath)] = '\000';
+	  int fnamelen = TAG_LEN (extpath);
+
+	  while (*(extpath + 2 + fnamelen - 1) == '\000' && fnamelen > 0)
+	    fnamelen--;
+
+	  if (fnamelen + 1 > sizeof (fname))
+	    {
+	      grub_printf ("Too long file name for Extensions Path\n");
+	      return 0;
+	    }
+	  else if (! fnamelen)
+	    {
+	      grub_printf ("Empty file name for Extensions Path\n");
+	      return 0;
+	    }
+	  
+	  grub_memmove (fname, extpath + 2, fnamelen);
+	  fname[fnamelen] = '\000';
 	  grub_printf ("Loading BOOTP-extension file: %s\n", fname);
 	  tftp (fname, decode_rfc1533);
 	}