• Steven Falco's avatar
    Prevent null pointer dereference originating in cmd_pxe.c · 0e3f3f8a
    Steven Falco authored
    Pass a valid cmdtp into do_tftpb(), do_ext2load(), and do_get_fat(), to
    avoid possible crashes due to null pointer dereferencing.
    Commit d7884e04
     does not go far enough.
    There is still at least one call chain that can result in a crash.
    The do_tftpb(), do_ext2load(), and do_get_fat() functions expect a valid
    cmdtp.  Passing in NULL is particularly bad in the do_tftpb() case,
    because eventually boot_get_kernel() will be called with a NULL cmdtp:
    do_tftpb() -> netboot_common() -> bootm_maybe_autostart() -> do_bootm()
    -> do_bootm_states() -> bootm_find_os() -> boot_get_kernel()
    Around line 991 in cmd_bootm.c, boot_get_kernel() will dereference the
    null pointer, and the board will crash.
    Signed-off-by: default avatarSteven A. Falco <stevenfalco@gmail.com>
cmd_pxe.c 34.1 KB