summaryrefslogtreecommitdiffstats
path: root/usr.sbin/pccard
diff options
context:
space:
mode:
authorimp <imp@FreeBSD.org>1999-12-07 19:23:56 +0000
committerimp <imp@FreeBSD.org>1999-12-07 19:23:56 +0000
commit0e463632a3ead6327de2d89a1bd77d328dea7150 (patch)
treef921c98bc2bdaac023b6a828b1e19993a3409c4c /usr.sbin/pccard
parentedabac1a9d64258b28ef81e140886c4a726a71c1 (diff)
downloadFreeBSD-src-0e463632a3ead6327de2d89a1bd77d328dea7150.zip
FreeBSD-src-0e463632a3ead6327de2d89a1bd77d328dea7150.tar.gz
Bump CIS_MAXSTR from 30 to 254. pccard appears to define the entire
section we take them from to be up to 255 bytes long, so that's the max size for the string. They can't all be this big, but I don't have a better number and better to be a little long than a little short. Also only consume len characters of the cis buffer so we don't run off the end into the next buffer and get garbage. This second patch shouldn't impact anything, but I'll hold off back porting this to -stable until I get more reports on the stability before/after this fix.
Diffstat (limited to 'usr.sbin/pccard')
-rw-r--r--usr.sbin/pccard/pccardd/readcis.c19
-rw-r--r--usr.sbin/pccard/pccardd/readcis.h2
2 files changed, 17 insertions, 4 deletions
diff --git a/usr.sbin/pccard/pccardd/readcis.c b/usr.sbin/pccard/pccardd/readcis.c
index 6fd7c7b..ddfd6fc 100644
--- a/usr.sbin/pccard/pccardd/readcis.c
+++ b/usr.sbin/pccard/pccardd/readcis.c
@@ -170,16 +170,29 @@ freecis(struct cis *cp)
static void
cis_info(struct cis *cp, unsigned char *p, int len)
{
+ unsigned char *end = p + len;
*cp->manuf = *cp->vers = *cp->add_info1 = *cp->add_info2 = '\0';
cp->maj_v = *p++;
cp->min_v = *p++;
+ if (p >= end)
+ return;
strncpy(cp->manuf, p, CIS_MAXSTR - 1);
- while (*p++);
+ cp->manuf[CIS_MAXSTR - 1] = '\0';
+ p += strlen(p);
+ if (p >= end)
+ return;
strncpy(cp->vers, p, CIS_MAXSTR - 1);
- while (*p++);
+ cp->vers[CIS_MAXSTR - 1] = '\0';
+ p += strlen(p);
+ if (p >= end)
+ return;
strncpy(cp->add_info1, p, CIS_MAXSTR - 1);
- while (*p++);
+ cp->add_info1[CIS_MAXSTR - 1] = '\0';
+ p += strlen(p);
+ if (p >= end)
+ return;
strncpy(cp->add_info2, p, CIS_MAXSTR - 1);
+ cp->add_info2[CIS_MAXSTR - 1] = '\0';
}
/*
diff --git a/usr.sbin/pccard/pccardd/readcis.h b/usr.sbin/pccard/pccardd/readcis.h
index 0540036..58d83ef 100644
--- a/usr.sbin/pccard/pccardd/readcis.h
+++ b/usr.sbin/pccard/pccardd/readcis.h
@@ -26,7 +26,7 @@
* $FreeBSD$
*/
-#define CIS_MAXSTR 30
+#define CIS_MAXSTR 254
struct tuple {
struct tuple *next;
unsigned char code;
OpenPOWER on IntegriCloud