This patch modifies disk-label.c to not allow to read beyond

the selected partition limits. Signed-off-by: Laurent Vivier <Laurent@vivier.eu> git-svn-id: svn://coreboot.org/openbios/trunk/openbios-devel@546 f158a5a8-5612-0410-a976-696ce0be7e32
2024-02-13 08:34:06 +08:00 · 2009-08-10 20:18:27 +00:00
parent 4636eeeedf
commit 4639e7efb0
1 changed files with 15 additions and 3 deletions
--- a/modules/disk-label.c
+++ b/modules/disk-label.c
@@ -99,8 +99,8 @@ dlabel_open( dlabel_info_t *di )
 		if( ph ) {
 			di->offs_hi = 0;
 			di->offs_lo = 0;
-			di->size_hi = -1;
-			di->size_lo = -1;
+			di->size_hi = 0;
+			di->size_lo = 0;
 			di->part_ih = 0;
 			di->type = -1;
 			di->block_size = 512;
@@ -174,6 +174,13 @@ dlabel_read( dlabel_info_t *di )
 {
 	int ret, len = POP();
 	char *buf = (char*)POP();
+	llong pos = tell( di->fd );
+	ducell offs = ((ducell)di->offs_hi << BITS) | di->offs_lo;
+	ducell size = ((ducell)di->size_hi << BITS) | di->size_lo;
+
+	if (size && len > pos - offs + size) {
+		len = size - (pos - offs);
+	}

 	ret = read_io( di->fd, buf, len );
 	PUSH( ret );
@@ -188,6 +195,7 @@ dlabel_seek( dlabel_info_t *di )
 	ducell offs = ((ducell)di->offs_hi << BITS) | di->offs_lo;
 	ducell size = ((ducell)di->size_hi << BITS) | di->size_lo;

+	DPRINTF("dlabel_seek %llx [%llx, %llx]\n", pos, offs, size);
 	if( pos != -1 )
 		pos += offs;
 	else if( size ) {
@@ -196,8 +204,12 @@ dlabel_seek( dlabel_info_t *di )
 	} else {
 		/* let parent handle the EOF seek. */
 	}
+	DPRINTF("dlabel_seek: 0x%llx\n", pos );
+	if (size && (pos - offs >= size )) {
+		PUSH(-1);
+		return;
+	}

-	DPRINTF("dlabel_seek: %x %08x\n", (int)(pos>>32), (int)pos );
 	ret = seek_io( di->fd, pos );
 	PUSH( ret );
 }