authorimp <imp@FreeBSD.org>2002-01-06 18:03:55 +0000
committerimp <imp@FreeBSD.org>2002-01-06 18:03:55 +0000
commit4e1080d4dc4a8faf7f36b5b69d8854a678bdad8e (patch)
treef31e6a1af69c4d471d68c15c0a26dfeb6c1ce71b /usr.sbin/pccard
parentf611e6aa01b8009999d8905b3b4e69717ef5fa0a (diff)
Update length more correctly when parsing a cis info field.
Before, we were using while (*p++ && --len > 0); to do this. However, len doesn't get decremented for the NUL byte, so when we used len later to see if we still have CIS left for some optional fields, we'd run off the end of an array and dump core. Instead, replace it with len -= strlen(p) + 1; p += strlen(p) + 1; which is more correct. It is a little bogus to assume that p points to a valid C string, but only a little. The PC Card SPEC mandates that it does, and we already depend on that with the use of strdup a few lines earlier. Since much of the rest of the cis parsing code isn't hyper retentive about error checking, I'll leave that level of checking for another time and/or another committer :-).
Diffstat (limited to 'usr.sbin/pccard')
-rw-r--r--usr.sbin/pccard/pccardd/readcis.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/usr.sbin/pccard/pccardd/readcis.c b/usr.sbin/pccard/pccardd/readcis.c
index 17ca514..49b2abf 100644
--- a/usr.sbin/pccard/pccardd/readcis.c
+++ b/usr.sbin/pccard/pccardd/readcis.c
@@ -203,7 +203,8 @@ cis_info(struct cis *cp, unsigned char *p, int len)
}
if (len > 1 && *p != 0xff) {
cp->manuf = strdup(p);
- while (*p++ && --len > 0);
+ len -= strlen(p) + 1;
+ p += strlen(p) + 1;
}
if (cp->vers) {
free(cp->vers);
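Review bot: The new `strlen(p)` calls, like the `strdup(p)` context line above them, stop at the first NUL byte rather than at `len`, so a CIS string that is not terminated inside the tuple is still read past the end of the buffer. Only after that over-read does `len` go negative and the later `len > 1` checks stop the parse. The CIS contents come from the inserted card, so the spec guarantee the commit message relies on is not something the daemon can assume. Bound the scan before copying, for example `unsigned char *end = memchr(p, '\0', len);`, treat `end == NULL` as a malformed tuple, and advance with `len -= end - p + 1; p = end + 1;`, which also avoids the second strlen call. The same applies to the `vers` and `add_info1` hunks below; cis_info's body starts and ends outside this hunk.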
@@ -211,9 +212,10 @@ cis_info(struct cis *cp, unsigned char *p, int len)
}
if (len > 1 && *p != 0xff) {
cp->vers = strdup(p);
- while (*p++ && --len > 0);
+ len -= strlen(p) + 1;
+ p += strlen(p) + 1;
} else {
- cp->vers = strdup("?");
+ cp->vers = strdup("[none]");
}
if (cp->add_info1) {
free(cp->add_info1);
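Review bot: None of the `strdup()` results in these hunks are checked, including the new `strdup("[none]")` fallbacks here and in the `add_info1` and `add_info2` hunks, so an allocation failure leaves the field NULL for whatever code reads it later (not visible in this diff). The placeholder is also repeated as a literal three times; one definition such as `static const char cis_none[] = "[none]";` would keep the copies in step. A comment like `/* "[none]" marks an optional field absent from the tuple */` would help, since a card that actually reports the string "[none]" can no longer be told apart from one with the field missing.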
@@ -221,7 +223,10 @@ cis_info(struct cis *cp, unsigned char *p, int len)
}
if (len > 1 && *p != 0xff) {
cp->add_info1 = strdup(p);
- while (*p++ && --len > 0);
+ len -= strlen(p) + 1;
+ p += strlen(p) + 1;
+ } else {
+ cp->add_info1 = strdup("[none]");
}
if (cp->add_info2) {
free(cp->add_info2);
@@ -229,6 +234,8 @@ cis_info(struct cis *cp, unsigned char *p, int len)
}
if (len > 1 && *p != 0xff)
cp->add_info2 = strdup(p);
+ else
+ cp->add_info2 = strdup("[none]");
}
/*