Re: [coreboot] [bios_extract] filenames patch for phoenix

2010-01-11 Thread Matthias Wenzel
Peter Stuge wrote:
> Matthias Wenzel wrote:
>> +++ b/phoenix.c
> ..
>> @@ -117,10 +117,10 @@ PhoenixModule(unsigned char *BIOSImage, int 
>> BIOSLength, int Offset)
>>  
>>  ModuleName = PhoenixModuleNameGet(Module->Type);
>>  if (ModuleName) {
>> -filename = malloc(strlen(ModuleName) + 7);
>> +filename = malloc(strlen(ModuleName) + 7 + 3);
>>  sprintf(filename, "%s_%1d.rom", ModuleName, Module->Id);
>>  } else {
>> -filename = malloc(9);
>> +filename = malloc(9 + 3);
>>  sprintf(filename, "%02X_%1d.rom", Module->Type, Module->Id);
>>  }
> 
> If everything (also Type) is u8 then the above is 1 byte extra :) but
> better safe than sorry!

Both are u8, and yes, I was conservative as some C-libs (other than
glibc) might add a sign with the "%1d". Maybe we should write "%1u" or
even "%.3" to be clearer.

mazzoo

-- 
coreboot mailing list: coreboot@coreboot.org
http://www.coreboot.org/mailman/listinfo/coreboot
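The sizing question in the reply above can be taken out of hand-counted constants altogether. The following is an added example, not part of the original message or of bios_extract: module_filename() is a hypothetical helper, the u8 types are taken from the reply, and the sample values in main() are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not bios_extract code): build "<name>_<id>.rom",
 * or "<TYPE>_<id>.rom" with the type in hex when no name is known.
 * snprintf measures the length, so no constant has to track the format. */
char *module_filename(const char *name, uint8_t type, uint8_t id)
{
    char typehex[16]; /* roomy scratch buffer for two hex digits + NUL */
    int need;
    char *buf;

    if (!name) {
        snprintf(typehex, sizeof(typehex), "%02X", (unsigned)type);
        name = typehex;
    }

    /* Pass 1: with NULL/0, C99 snprintf writes nothing and returns the
     * number of characters needed, excluding the terminating NUL.
     * %u with an unsigned argument can never emit a sign. */
    need = snprintf(NULL, 0, "%s_%u.rom", name, (unsigned)id);
    if (need < 0)
        return NULL;

    buf = malloc((size_t)need + 1);
    if (!buf)
        return NULL;

    /* Pass 2: bounded by exactly the size that was allocated. */
    snprintf(buf, (size_t)need + 1, "%s_%u.rom", name, (unsigned)id);
    return buf;
}

int main(void)
{
    /* Constructed sample values: a named module with a 3-digit id,
     * and an unnamed module that falls back to the hex type. */
    char *a = module_filename("tcpa_LT", '<', 255);
    char *b = module_filename(NULL, 0xAB, 7);

    if (!a || !b)
        return 1;
    printf("%s needs %zu bytes\n", a, strlen(a) + 1);
    printf("%s needs %zu bytes\n", b, strlen(b) + 1);
    free(a);
    free(b);
    return 0;
}
```

With a three-digit id the named case needs strlen(name) + 9 bytes, which is the "1 byte extra" relative to the patched strlen(ModuleName) + 7 + 3.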


Re: [coreboot] [bios_extract] filenames patch for phoenix

2010-01-11 Thread Peter Stuge
Matthias Wenzel wrote:
> +++ b/phoenix.c
..
> @@ -117,10 +117,10 @@ PhoenixModule(unsigned char *BIOSImage, int BIOSLength, 
> int Offset)
>  
>  ModuleName = PhoenixModuleNameGet(Module->Type);
>  if (ModuleName) {
> - filename = malloc(strlen(ModuleName) + 7);
> + filename = malloc(strlen(ModuleName) + 7 + 3);
>   sprintf(filename, "%s_%1d.rom", ModuleName, Module->Id);
>  } else {
> - filename = malloc(9);
> + filename = malloc(9 + 3);
>   sprintf(filename, "%02X_%1d.rom", Module->Type, Module->Id);
>  }
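
Review bot: in both branches the pointer returned by malloc goes straight into sprintf with no NULL check, so an allocation failure turns into a write through a null pointer. Since these lines are being touched anyway, add a check after each malloc (or one after the if/else) and bail out of PhoenixModule with an error before formatting the name.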

If everything (also Type) is u8 then the above is 1 byte extra :) but
better safe than sorry!

If anything is larger than u8 then the above needs some more bytes.


//Peter



[coreboot] [bios_extract] filenames patch for phoenix

2010-01-10 Thread Matthias Wenzel
Hi,

attached is a small patch for the phoenix part in bios_extract to replace
terrible filenames containing '*', '?' or '<'.

also fixes 2 buffer overflows in the filename handling.

mazzoo
diff --git a/phoenix.c b/phoenix.c
index dd630a1..83b86b4 100644
--- a/phoenix.c
+++ b/phoenix.c
@@ -61,9 +61,9 @@ PhoenixModuleNames[] = {
 {'H', "tcpa_H"}, /* TCPA (Trusted Computing), USBKCLIB? */
 {'K', "tcpa_K"}, /* TCPA (Trusted Computing), "AUTH"? */
 {'Q', "tcpa_Q"}, /* TCPA (Trusted Computing), "SROM"? */
-{'<', "tcpa_<"},
-{'*', "tcpa_*"},
-{'?', "tcpa_?"},
+{'<', "tcpa_LT"},
+{'*', "tcpa_AS"},
+{'?', "tcpa_QM"},
 {'J', "SmartCardPAS"},
 };
 
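Review bot: the three renamed entries for '<', '*' and '?' carry no comment, unlike the tcpa_H, tcpa_K and tcpa_Q lines directly above them. A short comment saying that LT, AS and QM stand for less-than, asterisk and question mark, and that the literal characters are avoided because they are shell metacharacters or not valid in filenames everywhere, would stop a later cleanup from restoring the original names.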
@@ -117,10 +117,10 @@ PhoenixModule(unsigned char *BIOSImage, int BIOSLength, int Offset)
 
 ModuleName = PhoenixModuleNameGet(Module->Type);
 if (ModuleName) {
-	filename = malloc(strlen(ModuleName) + 7);
+	filename = malloc(strlen(ModuleName) + 7 + 3);
 	sprintf(filename, "%s_%1d.rom", ModuleName, Module->Id);
 } else {
-	filename = malloc(9);
+	filename = malloc(9 + 3);
 	sprintf(filename, "%02X_%1d.rom", Module->Type, Module->Id);
 }
 
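Review bot: the sizes in both malloc calls are still hand-counted constants (7 + 3 and 9 + 3) that have to stay in step with the format strings on the sprintf lines below them, and sprintf itself is unbounded. As written the buffers fit an Id of at most four printed characters, and the hunk does not show the type of Module->Id, so the fix depends on something the reader cannot verify here. Suggest keeping the size in a variable and formatting with snprintf using that size, or at minimum a comment that spells out the count ('_', the Id digits, ".rom" and the terminating NUL).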