From 6f5159e474dd731591e536f15776c94ce4754f73 Mon Sep 17 00:00:00 2001
From: hpa
Date: Tue, 22 Oct 2002 18:28:26 +0000
Subject: Fix PXELINUX memory overwrite bug.
---
 NEWS | 3 +++
 pxelinux.asm | 8 ++++++++
 2 files changed, 11 insertions(+)
diff --git a/NEWS b/NEWS
index d1aa4654..89c4ca2e 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,9 @@ Changes in 2.00:
 * Fix mbr.asm so that it actually works.
 * SYSLINUX: The syslinux installer *SHOULD* now be safe to run
 setuid root.
+ * PXELINUX: Fix bug where PXELINUX would override random
+ chunks of the UNDI code segment! Thanks to Kevin Tran for
+ finding this bug.
 
 Changes in 1.76:
 * ISOLINUX: Remove code no longer used which caused hangs on
diff --git a/pxelinux.asm b/pxelinux.asm
index 53b46b84..e4572b88 100644
--- a/pxelinux.asm
+++ b/pxelinux.asm
@@ -306,7 +306,11 @@ _start1:
 mov al,NULLFILE
 mov di,FKeyName
 mov cx,10*(1 << FILENAME_MAX_LG2)
+ push es ; Save ES -> PXE structure
+ push ds ; ES <- DS
+ pop es
 rep stosb
+ pop es ; Restore ES
 
 ;
 ; Tell the user we got this far
@@ -504,7 +508,11 @@ have_entrypoint:
 mov di,Sockets
 mov cx,(MAX_SOCKETS*tftp_port_t_size)/4
 xor eax,eax
+ push es ; Save ES -> PXE structure
+ push ds ; ES <- DS
+ pop es
 rep stosd
+ pop es
 
 ;
 ; Now attempt to get the BOOTP/DHCP packet that brought us life (and an IP
--
cgit v1.2.1
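Review bot: In the _start1 hunk the ES save/load/restore is wrapped around the single `rep stosb` instead of correcting the state that made it necessary, and the same four lines recur around `rep stosd` in the have_entrypoint hunk; both are needed only because ES is left pointing at the PXE structure while the code fills buffers that live in the data segment. Any other `stos`/`movs`/`scas`/`cmps` that runs while ES still holds that value would go through ES:DI in the same wrong segment; none is visible in these hunks, so the rest of the init path should be audited rather than assumed clean. A comment ahead of the sequence would record the invariant, for example `; ES -> PXE structure here; stos stores to ES:DI, so borrow DS for the fill`. The fill also depends on DF being clear and no `cld` appears in the hunk, so presumably it is issued earlier in _start1, whose body starts and ends outside the hunk.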
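Review bot: The closing `pop es` after `rep stosd` in the have_entrypoint hunk carries no comment, unlike the matching line in the _start1 hunk; write it as `pop es ; Restore ES -> PXE structure` so the pairing with the `push es` three lines above is visible to the next reader. The fill length on the context line is `(MAX_SOCKETS*tftp_port_t_size)/4` dwords, which clears the whole Sockets table only if that product is a multiple of 4. Both constants are defined outside the hunk, so this is something to confirm rather than a known fault. The have_entrypoint block continues outside the hunk.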