author | imp <imp@FreeBSD.org> | 2002-01-06 18:03:55 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 2002-01-06 18:03:55 +0000 |
commit | 4e1080d4dc4a8faf7f36b5b69d8854a678bdad8e (patch) | |
tree | f31e6a1af69c4d471d68c15c0a26dfeb6c1ce71b /usr.sbin/pccard | |
parent | f611e6aa01b8009999d8905b3b4e69717ef5fa0a (diff) | |
Update length more correctly when parsing a cis info field.
Before, we were using
while (*p++ && --len > 0);
to do this. However, len doesn't get decremented for the NUL byte, so when
we used len later to see if we still have CIS left for some optional fields,
we'd run off the end of an array and dump core.
Instead, replace it with
len -= strlen(p) + 1;
p += strlen(p) + 1;
which is more correct. It is a little bogus to assume that p points to
a valid C string, but only a little. The PC Card SPEC mandates that it
does, and we already depend on that with the use of strdup a few lines
earlier. Since much of the rest of the cis parsing code isn't hyper
retentive about error checking, I'll leave that level of checking for
another time and/or another committer :-).
Diffstat (limited to 'usr.sbin/pccard')
-rw-r--r-- | usr.sbin/pccard/pccardd/readcis.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/usr.sbin/pccard/pccardd/readcis.c b/usr.sbin/pccard/pccardd/readcis.c index 17ca514..49b2abf 100644 --- a/usr.sbin/pccard/pccardd/readcis.c +++ b/usr.sbin/pccard/pccardd/readcis.c @@ -203,7 +203,8 @@ cis_info(struct cis *cp, unsigned char *p, int len) } if (len > 1 && *p != 0xff) { cp->manuf = strdup(p); - while (*p++ && --len > 0); + len -= strlen(p) + 1; + p += strlen(p) + 1; } if (cp->vers) { free(cp->vers); @@ -211,9 +212,10 @@ cis_info(struct cis *cp, unsigned char *p, int len) } if (len > 1 && *p != 0xff) { cp->vers = strdup(p); - while (*p++ && --len > 0); + len -= strlen(p) + 1; + p += strlen(p) + 1; } else { - cp->vers = strdup("?"); + cp->vers = strdup("[none]"); } if (cp->add_info1) { free(cp->add_info1); @@ -221,7 +223,10 @@ cis_info(struct cis *cp, unsigned char *p, int len) } if (len > 1 && *p != 0xff) { cp->add_info1 = strdup(p); - while (*p++ && --len > 0); + len -= strlen(p) + 1; + p += strlen(p) + 1; + } else { + cp->add_info1 = strdup("[none]"); } if (cp->add_info2) { free(cp->add_info2); @@ -229,6 +234,8 @@ cis_info(struct cis *cp, unsigned char *p, int len) } if (len > 1 && *p != 0xff) cp->add_info2 = strdup(p); + else + cp->add_info2 = strdup("[none]"); } /* |
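Review bot: In the hunk at @@ -203,7 +203,8 @@ (the manuf field), strlen(p) is not bounded by len, so a CIS string with no NUL inside the remaining len bytes is read past the end of the data before len is adjusted. The following len > 1 test only notices afterwards, once len has gone negative. Suggest finding the terminator with memchr(p, 0, len), stopping the parse when it returns NULL, and advancing p and len from that pointer; this also computes the length once instead of twice. Since p is unsigned char *, the strlen and strdup calls want a cast to char * to stay clean on compilers that warn about pointer signedness.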
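Review bot: In the hunk at @@ -211,9 +212,10 @@, the else branch changes the placeholder for a missing version string from "?" to "[none]", which the commit message does not mention. It is unrelated to the length fix, so either describe it in the log or split it into its own commit, and check that nothing compares cp->vers against "?". The len -= strlen(p) + 1 and p += strlen(p) + 1 pair here has the same unbounded-read concern as in the manuf block.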
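Review bot: In the hunk at @@ -221,7 +223,10 @@, the added else branch gives cp->add_info1 the string "[none]" where the old lines assigned nothing when the field was absent, and the log message does not cover that behaviour change. Please document it and confirm that no consumer of struct cis tests add_info1 for a null pointer to decide whether the field exists, since that test would now always succeed.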
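Review bot: In the hunk at @@ -229,6 +234,8 @@, the new else for cp->add_info2 is written without braces while the vers and add_info1 blocks in the same function use them; bracing both arms would keep the four field blocks consistent. The "[none]" literal now appears three times across this patch, so a single named constant would be easier to keep in sync, and the strdup results in these fallback branches are stored without a NULL check.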