From 1dd3f889641ca2ca997e6c1a734fbf39033c2730 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Mon, 10 Mar 2008 11:46:55 +0000 Subject: [PATCH] [PXE] Work around a buffer-size bug in WinPE WinPE's pxeboot.n12 takes the BufferLimit returned by gPXE (indicating the size of gPXE's internal DHCP packet buffers) and erroneously passes it in as BufferSize (indicating the size of pxeboot.n12's DHCP packet buffer). If these don't match, then pxeboot.n12 ends up instructing gPXE to overwrite parts of its data segment. Change gPXE's internal DHCP packet buffers to be exactly sizeof(BOOTPLAYER_t) bytes to work around this problem.
---
 src/interface/pxe/pxe_preboot.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/interface/pxe/pxe_preboot.c b/src/interface/pxe/pxe_preboot.c
index 53ece3cb..2d6f135c 100644
--- a/src/interface/pxe/pxe_preboot.c
+++ b/src/interface/pxe/pxe_preboot.c
@@ -51,8 +51,18 @@ enum pxe_cached_info_indices {
 /** A cached DHCP packet */
 union pxe_cached_info {
 struct dhcphdr dhcphdr;
- char raw[ETH_FRAME_LEN];
-};
+ /* This buffer must be *exactly* the size of a BOOTPLAYER_t * structure, otherwise WinPE will die horribly. It takes the * size of *our* buffer and feeds it in to us as the size of * one of *its* buffers. If our buffer is larger than it * expects, we therefore end up overwriting part of its data * segment, since it tells us to do so. (D'oh!) * * Note that a BOOTPLAYER_t is not necessarily large enough to * hold a DHCP packet; this is a flaw in the PXE spec. */
+ BOOTPLAYER_t packet;
+} __attribute__ (( packed ));
 /* The case in which the caller doesn't supply a buffer is really * awkward to support given that we have multiple sources of options,
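Review bot: Nothing in the hunk enforces the "exactly the size of a BOOTPLAYER_t" requirement the new comment states; the union is only that size while `struct dhcphdr` is no larger than `BOOTPLAYER_t`, and any later growth of either member would silently reintroduce the WinPE data-segment overwrite the commit is fixing. A compile-time check beside the union pins it down without needing any project helper: `typedef char pxe_cached_info_size_check[ ( sizeof ( union pxe_cached_info ) == sizeof ( BOOTPLAYER_t ) ) ? 1 : -1 ];`. Because `raw[ETH_FRAME_LEN]` is gone, the cache is now smaller than the largest DHCP packet gPXE can receive, so every copy into a `union pxe_cached_info` (outside this hunk and not visible here) must be bounded by `sizeof ( *info )` rather than by a frame length, otherwise a long reply overruns gPXE's own buffer instead of WinPE's. The trailing context comment continues past the end of the hunk.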