[coreboot] r594 - in coreboot-v3/util: lar lzma nrv2b
svn at coreboot.org
svn at coreboot.org
Wed Feb 13 23:15:59 CET 2008
Author: myles
Date: 2008-02-13 23:15:59 +0100 (Wed, 13 Feb 2008)
New Revision: 594
Modified:
coreboot-v3/util/lar/lar.h
coreboot-v3/util/lar/lib.c
coreboot-v3/util/lar/stream.c
coreboot-v3/util/lzma/minilzma.cc
coreboot-v3/util/nrv2b/nrv2b.c
Log:
This patch adds dst_len for the lar uncompress functions, enabling
buffer overflow checks. It exits with an error instead of
overflowing.
Signed-off-by: Myles Watson <myles at pel.cs.byu.edu>
Acked-by: Ronald G. Minnich <rminnich at gmail.com>
Modified: coreboot-v3/util/lar/lar.h
===================================================================
--- coreboot-v3/util/lar/lar.h 2008-02-13 21:00:20 UTC (rev 593)
+++ coreboot-v3/util/lar/lar.h 2008-02-13 22:15:59 UTC (rev 594)
@@ -94,17 +94,17 @@
enum compalgo { none = 0, lzma = 1, nrv2b = 2 };
typedef void (*compress_func) (char *, int, char *, int *);
-typedef void (*uncompress_func) (char *, char *, int);
+typedef void (*uncompress_func) (char *, int, char *, int);
void compress_impossible(char *in, int in_len, char *out, int *out_len);
void do_no_compress(char *in, int in_len, char *out, int *out_len);
void do_lzma_compress(char *in, int in_len, char *out, int *out_len);
void do_nrv2b_compress(char *in, int in_len, char *out, int *out_len);
-void uncompress_impossible(char *, char *, int);
-void do_no_uncompress(char *, char *, int);
-void do_lzma_uncompress(char *, char *, int);
-void do_nrv2b_uncompress(char *, char *, int);
+void uncompress_impossible(char *dst, int dst_len, char *src, int src_len);
+void do_no_uncompress(char *dst, int dst_len, char *src, int src_len);
+void do_lzma_uncompress(char *dst, int dst_len, char *src, int src_len);
+void do_nrv2b_uncompress(char *dst, int dst_len, char *src, int src_len);
static compress_func compress_functions[] = {
do_no_compress,
Modified: coreboot-v3/util/lar/lib.c
===================================================================
--- coreboot-v3/util/lar/lib.c 2008-02-13 21:00:20 UTC (rev 593)
+++ coreboot-v3/util/lar/lib.c 2008-02-13 22:15:59 UTC (rev 594)
@@ -60,15 +60,22 @@
* The default "uncompress" hook to call when no other compression is used
*/
-void do_no_uncompress(char *dst, char *src, int len)
+void do_no_uncompress(char *dst, int dst_len, char *src, int src_len)
{
- memcpy(dst, src, len);
+ if (dst_len == src_len)
+ memcpy(dst, src, dst_len);
+ else
+ {
+ fprintf(stderr,"%s: src_len(%d)!=dst_len(%d)\n",
+ __FUNCTION__,src_len,dst_len);
+ exit(1);
+ }
}
/**
* The default "uncompress" hook to call when no other compression is used
*/
-void uncompress_impossible(char *dst, char *src, int len)
+void uncompress_impossible(char *dst, int dst_len, char *src, int src_len)
{
fprintf(stderr,
"Cannot uncompress data (algorithm not compiled in).\n");
Modified: coreboot-v3/util/lar/stream.c
===================================================================
--- coreboot-v3/util/lar/stream.c 2008-02-13 21:00:20 UTC (rev 593)
+++ coreboot-v3/util/lar/stream.c 2008-02-13 22:15:59 UTC (rev 594)
@@ -685,6 +685,7 @@
uncompress_functions[ntohl(header->compression)](
(char*) buf,
+ ntohl(header->reallen),
(char *) ptr + ntohl(header->offset),
ntohl(header->len));
Modified: coreboot-v3/util/lzma/minilzma.cc
===================================================================
--- coreboot-v3/util/lzma/minilzma.cc 2008-02-13 21:00:20 UTC (rev 593)
+++ coreboot-v3/util/lzma/minilzma.cc 2008-02-13 22:15:59 UTC (rev 594)
@@ -280,18 +280,24 @@
#else
extern "C" {
-void do_lzma_compress(char *in, int in_len, char *out,
- int *out_len) {
+void do_lzma_compress(char *in, int in_len, char *out, int *out_len) {
std::vector<unsigned char> result;
result = LZMACompress(std::vector<unsigned char>(in, in + in_len));
*out_len = result.size();
std::memcpy(out, &result[0], *out_len);
}
-void do_lzma_uncompress(char *dst, char *src, int len) {
+void do_lzma_uncompress(char *dst, int dst_len, char *src, int src_len) {
std::vector<unsigned char> result;
- result = LZMADeCompress(std::vector<unsigned char>(src, src + len));
- std::memcpy(dst, &result[0], result.size());
+ result = LZMADeCompress(std::vector<unsigned char>(src, src + src_len));
+ if (result.size() <= dst_len)
+ std::memcpy(dst, &result[0], result.size());
+ else
+ {
+ fprintf(stderr, "Not copying %d bytes to %d-byte buffer!\n",
+ result.size(), dst_len);
+ exit(1);
+ }
}
}
Modified: coreboot-v3/util/nrv2b/nrv2b.c
===================================================================
--- coreboot-v3/util/nrv2b/nrv2b.c 2008-02-13 21:00:20 UTC (rev 593)
+++ coreboot-v3/util/nrv2b/nrv2b.c 2008-02-13 22:15:59 UTC (rev 594)
@@ -1338,16 +1338,16 @@
#error "Bad Combination of ENDIAN and BITSIZE values specified"
#endif
-#undef SAFE
+#define SAFE
#ifdef SAFE
-#define FAIL(x,r) if (x) { Error(r); }
+#define FAIL(x,r) if (x) { fprintf(stderr,r); exit(1); }
#else
#define FAIL(x,r)
#endif
#ifdef COMPACT
-void do_nrv2b_uncompress(uint8_t *dst, uint8_t *src, int len) {
+void do_nrv2b_uncompress(uint8_t *dst, int dst_len, uint8_t *src, int src_len) {
unsigned long ilen = 0, olen = 0, last_m_off = 1;
uint32_t bb = 0;
unsigned bc = 0;
More information about the coreboot
mailing list