Source-Changes-HG archive
[src/trunk]: src/sys/arch/alpha/stand/installboot correctly calculate the spa...
details: https://anonhg.NetBSD.org/src/rev/c219d704f30b
branches: trunk
changeset: 471463:c219d704f30b
user: cgd <cgd%NetBSD.org@localhost>
date: Fri Apr 02 02:47:45 1999 +0000
description:
correctly calculate the space left for block addresses, and avoid
assuming that there's always going to be space for the whole boot
block info struct. (the assumption would cause a malloc'd region
to be overrun, if it proved false.)
diffstat:
sys/arch/alpha/stand/installboot/installboot.c | 23 +++++++++++++++++------
1 files changed, 17 insertions(+), 6 deletions(-)
diffs (47 lines):
diff -r 630ba5dea718 -r c219d704f30b sys/arch/alpha/stand/installboot/installboot.c
--- a/sys/arch/alpha/stand/installboot/installboot.c Thu Apr 01 23:28:09 1999 +0000
+++ b/sys/arch/alpha/stand/installboot/installboot.c Fri Apr 02 02:47:45 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: installboot.c,v 1.9 1998/11/25 21:19:35 ross Exp $ */
+/* $NetBSD: installboot.c,v 1.10 1999/04/02 02:47:45 cgd Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -367,7 +367,7 @@
char *fname;
long *size;
{
- int fd, sz;
+ int fd, sz, tdb_size;
char *bp;
struct stat statbuf;
u_int64_t *matchp;
@@ -415,13 +415,24 @@
if (bbinfolocp == NULL) {
warnx("%s: not a valid boot block?", fname);
+ free(bp);
return NULL;
}
- bbinfop = (struct bbinfo *)(bp + bbinfolocp->end - bbinfolocp->start);
- memset(bbinfop, 0, sz - (bbinfolocp->end - bbinfolocp->start));
- max_block_count =
- ((char *)bbinfop->blocks - bp) / sizeof (bbinfop->blocks[0]);
+ tdb_size = bbinfolocp->end - bbinfolocp->start; /* text, data, bss */
+
+ if ((sz - tdb_size) < sizeof (struct bbinfo)) {
+ warnx("%s: no space for boot block info structure", fname);
+ free(bp);
+ return NULL;
+ }
+
+ bbinfop = (struct bbinfo *)(bp + tdb_size);
+ memset(bbinfop, 0, sz - tdb_size);
+
+ /* + 1 because the bbinfo struct contains one block already. */
+ max_block_count = ((sz - tdb_size - sizeof (struct bbinfo)) /
+ sizeof (bbinfop->blocks[0])) + 1;
if (verbose) {
printf("boot block info locator at offset 0x%lx\n",
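Review bot: The new guard `if ((sz - tdb_size) < sizeof (struct bbinfo))` compares an `int` difference with a `size_t`, so when `tdb_size` exceeds `sz` (or is negative) the difference converts to a large unsigned value, the check passes, and the following `memset(bbinfop, 0, sz - tdb_size)` writes outside the malloc'd region this commit is meant to protect. `tdb_size` is taken from `bbinfolocp->end - bbinfolocp->start`, which appear to be values found in the boot block file and narrowed into the `int` declared in the earlier hunk, so they should be range-checked before the subtraction is trusted: `if (tdb_size < 0 || tdb_size > sz || (size_t)(sz - tdb_size) < sizeof (struct bbinfo)) {`. The function body starts and ends outside this hunk, so whether `sz` is already known to be at least `tdb_size` cannot be confirmed from here.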