[smbios] Avoid reading beyond end of constructed SMBIOS setting

Signed-off-by: Michael Brown <mcb30@ipxe.org>
author: Michael Brown <mcb30@ipxe.org> 2024-07-31 16:20:37 +0100
committer: Michael Brown <mcb30@ipxe.org> 2024-07-31 16:20:37 +0100
commit: 60d682409ed77cadf4ac3942c256c0fad00d2103 (patch)
tree: 5534da433a9cb51605ac1ef1a03528d1c2461835
parent: 0dc8933f6769e375a645ed4e9053855191cf8170 (diff)
download: ipxe-60d682409ed77cadf4ac3942c256c0fad00d2103.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/interface/smbios/smbios_settings.c b/src/interface/smbios/smbios_settings.c
index ec31b43f2..ca3f2fe2f 100644
--- a/src/interface/smbios/smbios_settings.c
+++ b/src/interface/smbios/smbios_settings.c
@@ -130,6 +130,13 @@ static int smbios_fetch ( struct settings *settings __unused,
 			return rc;
 		}
 
+		/* Limit length */
+		if ( tag_offset > sizeof ( buf ) ) {
+			tag_len = 0;
+		} else if ( ( tag_offset + tag_len ) > sizeof ( buf ) ) {
+			tag_len = ( sizeof ( buf ) - tag_offset );
+		}
+
 		/* Mangle UUIDs if necessary.  iPXE treats UUIDs as
 		 * being in network byte order (big-endian).  SMBIOS
 		 * specification version 2.6 states that UUIDs are
author	Michael Brown <mcb30@ipxe.org>	2024-07-31 16:20:37 +0100
committer	Michael Brown <mcb30@ipxe.org>	2024-07-31 16:20:37 +0100
commit	60d682409ed77cadf4ac3942c256c0fad00d2103 (patch)
tree	5534da433a9cb51605ac1ef1a03528d1c2461835
parent	0dc8933f6769e375a645ed4e9053855191cf8170 (diff)
download	ipxe-60d682409ed77cadf4ac3942c256c0fad00d2103.tar.gz