Re: [LinuxBIOS] [PATCH] LAR checksums

Mon, 01 Oct 2007 02:58:17 -0700 

On 06.09.2007 03:23, Alex Beregszaszi wrote:
> Hi,
> 
> checksum-fix.diff fixes a checksum calculation bug in the lar utility,
> where it would checksum less bytes then desired.
> 
> lar-check-sum.diff implements checksum checking in the runtime lar code.
> 
> I implemented the check inside the filename check, thus it wont be
> executed on unneeded entries. As my assumption was that I cant modify
> the memory, the code is skipping bytes between 20-24 of the header
> (checksum field) to generate a correct sum.

Byte 20-24? Our checksum does not have 5 bytes. It seems both your
comment and the implementation suffer from a off-by-one error.

> This is bad, as the numbers shall be updated at every lar structure

Try offsetof() and sizeof() to fix that.

> change. This is good, as we are not writing to memory.
> 
> --
> Alex

Carl-Daniel

> ------------------------------------------------------------------------
> 
> Signed-off-by: Alex Beregszaszi <[EMAIL PROTECTED]>
> 
> Index: util/lar/stream.c
> ===================================================================
> --- util/lar/stream.c (revision 494)
> +++ util/lar/stream.c (working copy)
> @@ -815,7 +825,7 @@
>  
>       csum = 0;
>       for (walk = (u32 *) (lar->map + offset);
> -          walk < (u32 *) (lar->map + complen + hlen);
> +          walk < (u32 *) (lar->map + offset + complen + hlen);
>            walk++) {
>               csum += ntohl(*walk);
>       }
> 
> 
> ------------------------------------------------------------------------
> 
> Signed-off-by: Alex Beregszaszi <[EMAIL PROTECTED]>
> 
> Index: lib/lar.c
> ===================================================================
> --- lib/lar.c (revision 494)
> +++ lib/lar.c (working copy)
> @@ -99,9 +99,21 @@
>               fullname = walk + sizeof(struct lar_header);
>  
>               printk(BIOS_SPEW, "LAR: search for %s\n", fullname);
> -             // FIXME: check checksum
>  
>               if (strcmp(fullname, filename) == 0) {
> +                     u32 csum = 0, *p = (u32 *)walk;
> +
> +                     /* validate checksum */
> +                     for (; p < (u32 
> *)(walk+ntohl(header->len)+ntohl(header->offset)); p++)
> +                         /* skip the checksum field itself */
> +                         if (((char*)p-walk) < 20 || ((char*)p - walk) > 24)

see above.

> +                             csum += ntohl(*p);
> +                     if (csum != ntohl(header->checksum)) {
> +                         printk(BIOS_SPEW, "LAR: checksum failed on %s, 
> skipping (%x != %x)\n",
> +                             fullname, csum, ntohl(header->checksum));
> +                         return 1;
> +                     }
> +
>                       printk(BIOS_SPEW, "LAR: CHECK %s @ %p\n", fullname, 
> header);
>                       result->start = walk + ntohl(header->offset);
>                       result->len = ntohl(header->len);
> 


-- 
http://www.hailfinger.org/


-- 
linuxbios mailing list
linuxbios@linuxbios.org
http://www.linuxbios.org/mailman/listinfo/linuxbios

Reply via email to