authorLaurent Licour <laurent@licour.com>2010-07-07 20:53:22 +0200
committerErwan Velu <erwanaliasr1@gmail.com>2010-07-07 20:53:22 +0200
commit5c558dba97becf9d56a26a17f0cff96f780cf67d (patch)
tree3d13982fe2febc996da3b4e4a55cf07ac44e7021
parent62926623081dd71e8cb4803375b70191df5592fe (diff)
DMI: Fixing memory mgmnt in dmi_memory_module_types
In some cases, dmi_memory_module_types could read the entire memory as a result of bogus snprintf usage.
-rw-r--r--com32/gplinclude/dmi/dmi_memory.h8
-rw-r--r--com32/gpllib/dmi/dmi.c12
-rw-r--r--com32/gpllib/dmi/dmi_memory.c18
3 files changed, 20 insertions, 18 deletions
diff --git a/com32/gplinclude/dmi/dmi_memory.h b/com32/gplinclude/dmi/dmi_memory.h
index 47ad7fcd..4d0ad442 100644
--- a/com32/gplinclude/dmi/dmi_memory.h
+++ b/com32/gplinclude/dmi/dmi_memory.h
@@ -66,12 +66,12 @@ void dmi_memory_device_size(uint16_t code, char *size);
const char *dmi_memory_device_form_factor(uint8_t code);
void dmi_memory_device_set(uint8_t code, char *set);
const char *dmi_memory_device_type(uint8_t code);
-void dmi_memory_device_type_detail(uint16_t code, char *type_detail);
+void dmi_memory_device_type_detail(uint16_t code, char *type_detail, int sizeof_type_detail);
void dmi_memory_device_speed(uint16_t code, char *speed);
-void dmi_memory_module_connections(uint8_t, char *);
+void dmi_memory_module_connections(uint8_t, char *, int);
void dmi_memory_module_speed(uint8_t, char *);
-void dmi_memory_module_types(uint16_t, const char *, char *);
-void dmi_memory_module_size(uint8_t, char *);
+void dmi_memory_module_types(uint16_t, const char *, char *, int);
+void dmi_memory_module_size(uint8_t, char *, int);
void dmi_memory_module_error(uint8_t, const char *, char *);
#endif
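Review bot: The new buffer-size parameters are declared as `int`, but every caller in this commit passes a `sizeof` expression and the value is forwarded to `snprintf`, which takes a `size_t`; declaring them `size_t` avoids the signed/unsigned conversion, e.g. `void dmi_memory_module_types(uint16_t code, const char *sep, char *type, size_t type_len);`. Naming the parameters in the three `dmi_memory_module_*` prototypes would also make it clear which argument is the length. `dmi_memory_device_size`, `dmi_memory_device_set`, `dmi_memory_device_speed`, `dmi_memory_module_speed` and `dmi_memory_module_error` still take a bare `char *` with no length, so their output buffers remain unbounded at the interface.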
diff --git a/com32/gpllib/dmi/dmi.c b/com32/gpllib/dmi/dmi.c
index cd72fbb6..507b11ac 100644
--- a/com32/gpllib/dmi/dmi.c
+++ b/com32/gpllib/dmi/dmi.c
@@ -516,6 +516,8 @@ int dmi_iterate(s_dmi * dmi)
int found = 0;
/* Cleaning structures */
+ memset(dmi, 0, sizeof(s_dmi));
+
memset(&dmi->base_board, 0, sizeof(s_base_board));
memset(&dmi->battery, 0, sizeof(s_battery));
memset(&dmi->bios, 0, sizeof(s_bios));
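Review bot: Zeroing the whole structure with `memset(dmi, 0, sizeof(s_dmi));` makes the per-member `memset` calls that follow it redundant; they could be dropped, and `sizeof(*dmi)` would keep the size tied to the pointer's type. The full clear is what guarantees that the string members start NUL-terminated, which the appending `snprintf` calls in dmi_memory.c appear to rely on, so a comment such as `/* string fields must start empty: the decoders append to them */` would record that dependency. If any caller fills in a field of `*dmi` before calling `dmi_iterate`, that value is now discarded; this is not visible from the hunk and is worth confirming. The function body continues outside the hunk.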
@@ -751,11 +753,11 @@ void dmi_decode(struct dmi_header *h, uint16_t ver, s_dmi * dmi)
dmi->memory_module[dmi->memory_module_count - 1].filled = true;
strlcpy(module->socket_designation, dmi_string(h, data[0x04]),
sizeof(module->socket_designation));
- dmi_memory_module_connections(data[0x05], module->bank_connections);
+ dmi_memory_module_connections(data[0x05], module->bank_connections, sizeof(module->bank_connections));
dmi_memory_module_speed(data[0x06], module->speed);
- dmi_memory_module_types(WORD(data + 0x07), " ", module->type);
- dmi_memory_module_size(data[0x09], module->installed_size);
- dmi_memory_module_size(data[0x0A], module->enabled_size);
+ dmi_memory_module_types(WORD(data + 0x07), " ", module->type, sizeof(module->type));
+ dmi_memory_module_size(data[0x09], module->installed_size, sizeof(module->installed_size));
+ dmi_memory_module_size(data[0x0A], module->enabled_size, sizeof(module->enabled_size));
dmi_memory_module_error(data[0x0B], "\t\t", module->error_status);
break;
case 7: /* 3.3.8 Cache Information */
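Review bot: `sizeof(module->bank_connections)`, `sizeof(module->type)`, `sizeof(module->installed_size)` and `sizeof(module->enabled_size)` give the buffer length only while those members are arrays; the bug being fixed was exactly `sizeof` applied to a `char *`, so if a member is ever changed to a pointer these calls silently pass the pointer size again. The struct definitions are not part of this diff, so this should be checked against the header; the same applies to `sizeof(mem->type_detail)` in the next hunk. `dmi_memory_module_speed(data[0x06], module->speed)` and `dmi_memory_module_error(data[0x0B], "\t\t", module->error_status)` still pass no length at all. The `case` body starts above the hunk.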
@@ -836,7 +838,7 @@ void dmi_decode(struct dmi_header *h, uint16_t ver, s_dmi * dmi)
sizeof(mem->bank_locator));
strlcpy(mem->type, dmi_memory_device_type(data[0x12]),
sizeof(mem->type));
- dmi_memory_device_type_detail(WORD(data + 0x13), mem->type_detail);
+ dmi_memory_device_type_detail(WORD(data + 0x13), mem->type_detail, sizeof(mem->type_detail));
if (h->length < 0x17)
break;
dmi_memory_device_speed(WORD(data + 0x15), mem->speed);
diff --git a/com32/gpllib/dmi/dmi_memory.c b/com32/gpllib/dmi/dmi_memory.c
index a1f2b440..21458293 100644
--- a/com32/gpllib/dmi/dmi_memory.c
+++ b/com32/gpllib/dmi/dmi_memory.c
@@ -132,7 +132,7 @@ const char *dmi_memory_device_type(uint8_t code)
return out_of_spec;
}
-void dmi_memory_device_type_detail(uint16_t code, char *type_detail)
+void dmi_memory_device_type_detail(uint16_t code, char *type_detail, int sizeof_type_detail)
{
/* 3.3.18.3 */
static const char *detail[] = {
@@ -157,7 +157,7 @@ void dmi_memory_device_type_detail(uint16_t code, char *type_detail)
for (i = 1; i <= 12; i++)
if (code & (1 << i))
- snprintf(type_detail,sizeof(type_detail), "%s", detail[i - 1]);
+ snprintf(type_detail, sizeof_type_detail, "%s", detail[i - 1]);
}
}
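Review bot: Each matching bit overwrites `type_detail` from the start, because the loop calls `snprintf(type_detail, sizeof_type_detail, "%s", detail[i - 1])` without an offset, so when several bits of `code` are set only the last name is kept. If the intent is to list every detail, append instead: `size_t len = strlen(type_detail);` followed by `if (len < (size_t)sizeof_type_detail) snprintf(type_detail + len, sizeof_type_detail - len, "%s%s", len ? " " : "", detail[i - 1]);`. That relies on `type_detail` being NUL-terminated on entry, which the code before the loop (outside this hunk) would have to ensure.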
@@ -173,7 +173,7 @@ void dmi_memory_device_speed(uint16_t code, char *speed)
* 3.3.7 Memory Module Information (Type 6)
*/
-void dmi_memory_module_types(uint16_t code, const char *sep, char *type)
+void dmi_memory_module_types(uint16_t code, const char *sep, char *type, int sizeof_type)
{
/* 3.3.7.1 */
static const char *types[] = {
@@ -197,11 +197,11 @@ void dmi_memory_module_types(uint16_t code, const char *sep, char *type)
for (i = 0; i <= 10; i++)
if (code & (1 << i))
- snprintf(type,sizeof(type), "%s%s%s", type, sep, types[i]);
+ snprintf(type, sizeof_type, "%s%s%s", type, sep, types[i]);
}
}
-void dmi_memory_module_connections(uint8_t code, char *connection)
+void dmi_memory_module_connections(uint8_t code, char *connection, int sizeof_connection)
{
if (code == 0xFF)
sprintf(connection, "%s", "None");
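Review bot: `snprintf(type, sizeof_type, "%s%s%s", type, sep, types[i])` passes the destination buffer as one of its own `%s` arguments; the C standard leaves copying between overlapping objects in `snprintf` undefined, so the result depends on the libc implementation. Appending at the current end avoids the overlap: `size_t len = strlen(type);` then `if (len < (size_t)sizeof_type) snprintf(type + len, sizeof_type - len, "%s%s", sep, types[i]);`. The same self-referencing pattern is used for `connection` in `dmi_memory_module_connections` and for `size` in both branches of `dmi_memory_module_size` in the later hunks. The loop's enclosing function starts above this hunk.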
@@ -209,7 +209,7 @@ void dmi_memory_module_connections(uint8_t code, char *connection)
if ((code & 0xF0) != 0xF0)
sprintf(connection, "%u ", code >> 4);
if ((code & 0x0F) != 0x0F)
- snprintf(connection,sizeof(connection), "%s%u", connection, code & 0x0F);
+ snprintf(connection, sizeof_connection, "%s%u", connection, code & 0x0F);
}
}
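Review bot: The two `sprintf` calls that write `connection`, `sprintf(connection, "%u ", code >> 4)` here and `sprintf(connection, "%s", "None")` in the previous hunk, still ignore the new `sizeof_connection` argument. The strings are short, but `snprintf(connection, sizeof_connection, "%u ", code >> 4);` and `snprintf(connection, sizeof_connection, "%s", "None");` would keep every write in the function bounded by the size the caller supplied. The function's opening lines are outside this hunk.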
@@ -221,7 +221,7 @@ void dmi_memory_module_speed(uint8_t code, char *speed)
sprintf(speed, "%u ns", code);
}
-void dmi_memory_module_size(uint8_t code, char *size)
+void dmi_memory_module_size(uint8_t code, char *size, int sizeof_size)
{
/* 3.3.7.2 */
switch (code & 0x7F) {
@@ -239,9 +239,9 @@ void dmi_memory_module_size(uint8_t code, char *size)
}
if (code & 0x80)
- snprintf(size,sizeof(size),"%s %s", size, "(Double-bank Connection)");
+ snprintf(size, sizeof_size, "%s %s", size, "(Double-bank Connection)");
else
- snprintf(size,sizeof(size), "%s %s", size, "(Single-bank Connection)");
+ snprintf(size, sizeof_size, "%s %s", size, "(Single-bank Connection)");
}
void dmi_memory_module_error(uint8_t code, const char *prefix, char *error)