* ron minnich <[EMAIL PROTECTED]> [070828 06:16]:
> ===================================================================
> --- lib/lar.c (revision 480)
> +++ lib/lar.c (working copy)
> @@ -42,9 +49,31 @@
>  
>       for (walk = archive->start;
>            (walk - 1) < (char *)(archive->start + archive->len - 1 ); walk += 
> 16) {
> -             if (strcmp(walk, MAGIC) != 0)
> +             /* I am leaving this code in here because it is so dangerous. 
> MAGIC is
> +              * #define'd to a string. That string lives in data space. All 
> of the 1M linuxbios 
> +              * image is a LAR file. Therefore, this search can walk ALL of 
> linuxbios. 
> +              * IF the MAGIC string (in code space) just happens to be 
> 16-byte aligned, 
> +              * Then the strcmp will succeed, and you will match a non-LAR 
> entry, 
> +              * and you are screwed. can this happen? YES!
> +              * LAR: Attempting to open 'fallback/initram'.
> +              * LAR: Start 0xfff00000 len 0x100000
> +              * LAR: current filename is normal/payload
> +              * LAR: current filename is normal/option_table
> +              * LAR: current filename is normal/stage2
> +              * LAR: current filename is normal/initram
> +              * LAR: current filename is R: it matches %s @ %p
> +              * That garbage is there because the pointer is in the middle 
> of a bunch 
> +              * of non-null-terminated junk. The fix is easy, as you can 
> see. 

I think the fix could be even simpler. Instead, if the first header is found,
the second header should be searched _after_ the end of the first file
in the LAR archive. Going through all of the ROM including the data
itself is plain stupid. I remember we did not do this in the beginning,
but we broke it since then.


> +             if (walk[0] != 'L')
>                       continue;
>  
> +             if (strcmp(&walk[1], MAGIC) != 0)
> +                     continue;
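
Review bot: the two-step check still does not make the comparison safe, and as written it may never match: `walk[0] != 'L'` hard-codes the first byte of the magic, and `strcmp(&walk[1], MAGIC)` then compares from the second byte against the whole of MAGIC, so if MAGIC itself still begins with 'L' no header can satisfy both tests. Compare `walk` against the full string (`MAGIC[0]` rather than a literal for the pre-check), and use a bounded `memcmp(walk, MAGIC, sizeof(MAGIC) - 1)` only when at least that many bytes remain before `archive->start + archive->len`; `strcmp` keeps reading until it meets a NUL, which the non-terminated data the comment describes does not guarantee, and the loop condition `(walk - 1) < (char *)(archive->start + archive->len - 1)` admits slots right up to the end of the image.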


> +     printf("  -e pre-parse the payload ELF into LAR segments. 
> Recommended\n\n");

> +             {"parseelf", 1, 0, 'p'},

> -     while ((opt = getopt_long(argc, argv, "acC:xls:b:vVh?",
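
Review bot: the option wiring in these three fragments does not agree with itself: the help text advertises `-e`, the long option `parseelf` maps to `'p'` with has_arg set to 1 (a required argument the help line never mentions), and neither letter appears in the getopt string `"acC:xls:b:vVh?"` on the quoted `-` line (the replacement line is not quoted). Settle on one short option, make the option table, the getopt string (with a trailing `:` only if an argument is really required) and the help text all use it, and `--parseelf` will parse as described.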

--parseelf will not work like that. 

> +/* NOTE -- This and the linuxbios lar.h are NOT IN SYNC. Be careful. */
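
Review bot: a comment that says the two lar.h copies are "NOT IN SYNC" without naming which fields or constants differ leaves the next reader no safer than no comment at all. Either list the divergence here (and what breaks if the wrong one is used), or remove the duplication so util builds against the same lar.h as linuxbios and the header layout cannot drift.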

What do you mean, by "not in sync"?

-- 
coresystems GmbH • Brahmsstr. 16 • D-79104 Freiburg i. Br.
      Tel.: +49 761 7668825 • Fax: +49 761 7664613
Email: [EMAIL PROTECTED]  • http://www.coresystems.de/
Registergericht: Amtsgericht Freiburg • HRB 7656
Geschäftsführer: Stefan Reinauer • Ust-IdNr.: DE245674866
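The search order Stefan proposes, as an added example in C that is not part of this patch or of the LinuxBIOS tree: it puts the every-slot scan the patch keeps next to a scan that resumes after each file's end, both bounded by the image length, and runs them over a constructed image whose file data contains an aligned copy of the magic. The header layout (8-byte magic followed by a 32-bit body length), the MAGIC value "LARCHIVE" and the 64-byte sample are assumptions, not the real lar.h; the 16-byte step is the one the quoted loop uses.

```c
#include <stdint.h>
#include <string.h>

#define MAGIC     "LARCHIVE"   /* assumed value; the real one lives in lar.h */
#define MAGIC_LEN 8
#define ALIGN     16
#define IMG_LEN   64
struct hdr { char magic[MAGIC_LEN]; uint32_t len; };   /* hypothetical layout */
static size_t align_up(size_t v) { return (v + ALIGN - 1) & ~(size_t)(ALIGN - 1); }

/* What the patch keeps doing: test every 16-byte slot, file bodies included.
 * memcmp keeps it inside the image, but any aligned copy of MAGIC still hits. */
size_t scan_every_slot(const unsigned char *img, size_t img_len)
{
    size_t hits = 0;
    for (size_t pos = 0; pos + MAGIC_LEN <= img_len; pos += ALIGN)
        if (memcmp(img + pos, MAGIC, MAGIC_LEN) == 0)
            hits++;
    return hits;
}

/* Stefan's suggestion: after a header, resume the search past that file's end. */
size_t scan_skip_bodies(const unsigned char *img, size_t img_len)
{
    size_t hits = 0, pos = 0;
    while (pos + sizeof(struct hdr) <= img_len) {
        if (memcmp(img + pos, MAGIC, MAGIC_LEN) != 0) { pos += ALIGN; continue; }
        uint32_t body;
        memcpy(&body, img + pos + MAGIC_LEN, sizeof body);  /* no unaligned deref */
        if (body > img_len - pos - sizeof(struct hdr))
            break;                                        /* corrupt length: stop */
        hits++;
        pos = align_up(pos + sizeof(struct hdr) + body);  /* skip header + body */
    }
    return hits;
}

/* Hit count either scanner reports on a constructed 64-byte image: one real
 * header at offset 0 with a 32-byte body, and that body carries a stray copy
 * of MAGIC at the aligned offset 16, the false match the patch comment describes. */
size_t sample_hits(int skip_bodies)
{
    unsigned char img[IMG_LEN];
    uint32_t body = 32;
    memset(img, 'x', IMG_LEN);
    memcpy(img, MAGIC, MAGIC_LEN);
    memcpy(img + MAGIC_LEN, &body, sizeof body);
    memcpy(img + 16, MAGIC, MAGIC_LEN);   /* magic inside file data */
    return skip_bodies ? scan_skip_bodies(img, IMG_LEN) : scan_every_slot(img, IMG_LEN);
}
```

On the sample the every-slot scan reports two headers and the body-skipping scan reports one; the stray magic in the file data is never examined by the second scanner.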

-- 
linuxbios mailing list
[email protected]
http://www.linuxbios.org/mailman/listinfo/linuxbios