Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[uri] Avoid potentially large stack allocation
Avoid potentially large stack allocation in resolve_path().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
  • Loading branch information
mcb30 committed Jan 21, 2016
1 parent 3c26ffa commit 295ad11
Showing 1 changed file with 12 additions and 9 deletions.
21 changes: 12 additions & 9 deletions src/core/uri.c
Expand Up @@ -606,7 +606,7 @@ struct uri * uri_dup ( const struct uri *uri ) {
*
* @v base_uri Base path
* @v relative_uri Relative path
* @ret resolved_uri Resolved path
* @ret resolved_uri Resolved path, or NULL on failure
*
* Takes a base path (e.g. "/var/lib/tftpboot/vmlinuz" and a relative
* path (e.g. "initrd.gz") and produces a new path
Expand All @@ -617,18 +617,21 @@ struct uri * uri_dup ( const struct uri *uri ) {
*/
char * resolve_path ( const char *base_path,
const char *relative_path ) {
size_t base_len = ( strlen ( base_path ) + 1 );
char base_path_copy[base_len];
char *base_tmp = base_path_copy;
char *base_copy;
char *base_tmp;
char *resolved;

/* If relative path is absolute, just re-use it */
if ( relative_path[0] == '/' )
return strdup ( relative_path );

/* Create modifiable copy of path for dirname() */
memcpy ( base_tmp, base_path, base_len );
base_tmp = dirname ( base_tmp );
base_copy = strdup ( base_path );
if ( ! base_copy )
return NULL;

/* Strip filename portion of base path */
base_tmp = dirname ( base_copy );

/* Process "./" and "../" elements */
while ( *relative_path == '.' ) {
Expand Down Expand Up @@ -658,8 +661,8 @@ char * resolve_path ( const char *base_path,
if ( asprintf ( &resolved, "%s%s%s", base_tmp,
( ( base_tmp[ strlen ( base_tmp ) - 1 ] == '/' ) ?
"" : "/" ), relative_path ) < 0 )
return NULL;

resolved = NULL;
free ( base_copy );
return resolved;
}

Expand All @@ -668,7 +671,7 @@ char * resolve_path ( const char *base_path,
*
* @v base_uri Base URI, or NULL
* @v relative_uri Relative URI
* @ret resolved_uri Resolved URI
* @ret resolved_uri Resolved URI, or NULL on failure
*
* Takes a base URI (e.g. "http://ipxe.org/kernels/vmlinuz" and a
* relative URI (e.g. "../initrds/initrd.gz") and produces a new URI
Expand Down

0 comments on commit 295ad11

Please sign in to comment.