[bug #51153] SYSLINUX config parsing is very fragile

Thu, 01 Jun 2017 03:02:54 -0700 

URL:
  <http://savannah.gnu.org/bugs/?51153>

                 Summary: SYSLINUX config parsing is very fragile
                 Project: GNU GRUB
            Submitted by: felix_s
            Submitted on: Thu 01 Jun 2017 10:00:20 AM UTC
                Category: None
                Severity: Major
                Priority: 5 - Normal
              Item Group: Software Error
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
                 Release: Git master
         Reproducibility: Every Time
         Planned Release: None

    _______________________________________________________

Details:

Attached are two config files. One of them produces a crash (null pointer
dereference) when fed to grub-syslinux2cfg or GRUB's syslinux_configfile
command; the other produces an unhelpful 'kernel without label' message,
without even so much as a line number. Both are understood by vanilla SYSLINUX
normally; they are variously processed versons of SYSLINUX config file from
SystemRescueCd.

The former bug is because the command-line arguments to ifcpu64.c32 are
misparsed (GRUB's parser doesn't understand command-line arguments for kernel
alternatives); the latter is because cmd_menudefault doesn't understand a
label specifier in a MENU DEFAULT statement.

The SYSLINUX config parsing code generally seems quite fragile. From a very
cursory inspection, I've noticed a potential memory leak when encountering
multiple DEFAULT statements (cmd_default). A more thorough audit may reveal
more such issues.




    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Thu 01 Jun 2017 10:00:20 AM UTC  Name: crash.syslinux.cfg  Size: 6kB  
By: felix_s

<http://savannah.gnu.org/bugs/download.php?file_id=40831>
-------------------------------------------------------
Date: Thu 01 Jun 2017 10:00:20 AM UTC  Name: syslinux.cfg  Size: 20kB   By:
felix_s

<http://savannah.gnu.org/bugs/download.php?file_id=40832>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?51153>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/


_______________________________________________
Bug-grub mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/bug-grub

Reply via email to