On 15.01.2018 17:44, Collin L. Walling wrote:
> Prints the menu data starting from the zIPL menu banner.
>
> Signed-off-by: Collin L. Walling <wall...@linux.vnet.ibm.com>
> ---
[...]
> static void run_eckd_boot_script(block_number_t mbr_block_nr,
> diff --git a/pc-bios/s390-ccw/menu.c b/pc-bios/s390-ccw/menu.c
> index e15a7f2..30470b3 100644
> --- a/pc-bios/s390-ccw/menu.c
> +++ b/pc-bios/s390-ccw/menu.c
> @@ -10,10 +10,52 @@
> */
>
> #include "menu.h"
> +#include "s390-ccw.h"
>
> static uint8_t flags;
> static uint64_t timeout;
>
> +static void zipl_println(const char *data, size_t len)
> +{
> + char buf[len + 1];
> +
> + ebcdic_to_ascii(data, buf, len);
> + buf[len] = '\n';
> + buf[len + 1] = '\0';
Buffer overflow by 1. You need to declare "char buf[len + 2]".
Or drop the 0-termination and use write(1, buf, len + 1) instead of
sclp_print().
> + sclp_print(buf);
> +}
Thomas
