[syslinux:master] DMI: Fixing memory mgmnt in dmi_memory_module_types

syslinux-bot for Laurent Licour laurent at licour.com
Thu Jul 8 08:03:23 PDT 2010


Commit-ID:  5c558dba97becf9d56a26a17f0cff96f780cf67d
Gitweb:     http://syslinux.zytor.com/commit/5c558dba97becf9d56a26a17f0cff96f780cf67d
Author:     Laurent Licour <laurent at licour.com>
AuthorDate: Wed, 7 Jul 2010 20:53:22 +0200
Committer:  Erwan Velu <erwanaliasr1 at gmail.com>
CommitDate: Wed, 7 Jul 2010 20:53:22 +0200

DMI: Fixing memory mgmnt in dmi_memory_module_types

In some cases, dmi_memory_module_types could read the entire memory as a
result of a bogus snprintf usage.


---
 com32/gplinclude/dmi/dmi_memory.h |    8 ++++----
 com32/gpllib/dmi/dmi.c            |   12 +++++++-----
 com32/gpllib/dmi/dmi_memory.c     |   18 +++++++++---------
 3 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/com32/gplinclude/dmi/dmi_memory.h b/com32/gplinclude/dmi/dmi_memory.h
index 47ad7fc..4d0ad44 100644
--- a/com32/gplinclude/dmi/dmi_memory.h
+++ b/com32/gplinclude/dmi/dmi_memory.h
@@ -66,12 +66,12 @@ void dmi_memory_device_size(uint16_t code, char *size);
 const char *dmi_memory_device_form_factor(uint8_t code);
 void dmi_memory_device_set(uint8_t code, char *set);
 const char *dmi_memory_device_type(uint8_t code);
-void dmi_memory_device_type_detail(uint16_t code, char *type_detail);
+void dmi_memory_device_type_detail(uint16_t code, char *type_detail, int sizeof_type_detail);
 void dmi_memory_device_speed(uint16_t code, char *speed);
 
-void dmi_memory_module_connections(uint8_t, char *);
+void dmi_memory_module_connections(uint8_t, char *, int);
 void dmi_memory_module_speed(uint8_t, char *);
-void dmi_memory_module_types(uint16_t, const char *, char *);
-void dmi_memory_module_size(uint8_t, char *);
+void dmi_memory_module_types(uint16_t, const char *, char *, int);
+void dmi_memory_module_size(uint8_t, char *, int);
 void dmi_memory_module_error(uint8_t, const char *, char *);
 #endif
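Review bot: The new size parameters are declared `int`, although every caller in dmi.c passes a `sizeof` expression and `snprintf` takes a `size_t`, so a negative value would be converted to a very large bound. Declaring them `size_t` keeps the type consistent end to end, e.g. `void dmi_memory_module_types(uint16_t, const char *, char *, size_t);`. The same applies to the matching definitions in dmi_memory.c. Naming the parameters in the three module prototypes would also make the buffer/size pairing readable from the header.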
diff --git a/com32/gpllib/dmi/dmi.c b/com32/gpllib/dmi/dmi.c
index cd72fbb..507b11a 100644
--- a/com32/gpllib/dmi/dmi.c
+++ b/com32/gpllib/dmi/dmi.c
@@ -516,6 +516,8 @@ int dmi_iterate(s_dmi * dmi)
     int found = 0;
 
     /* Cleaning structures */
+    memset(dmi, 0, sizeof(s_dmi));
+
     memset(&dmi->base_board, 0, sizeof(s_base_board));
     memset(&dmi->battery, 0, sizeof(s_battery));
     memset(&dmi->bios, 0, sizeof(s_bios));
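Review bot: The added `memset(dmi, 0, sizeof(s_dmi));` already clears every member, so the per-member `memset` calls that follow it (base_board, battery, bios, and any further ones outside the hunk) are now redundant and can be dropped. Writing it as `memset(dmi, 0, sizeof(*dmi));` ties the size to the pointer rather than to the type name. It also clears anything a caller stored in `*dmi` before calling dmi_iterate; the hunk does not show whether any caller does, so that is worth confirming. The function body continues outside the hunk.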
@@ -751,11 +753,11 @@ void dmi_decode(struct dmi_header *h, uint16_t ver, s_dmi * dmi)
 	dmi->memory_module[dmi->memory_module_count - 1].filled = true;
 	strlcpy(module->socket_designation, dmi_string(h, data[0x04]),
 		sizeof(module->socket_designation));
-	dmi_memory_module_connections(data[0x05], module->bank_connections);
+	dmi_memory_module_connections(data[0x05], module->bank_connections, sizeof(module->bank_connections));
 	dmi_memory_module_speed(data[0x06], module->speed);
-	dmi_memory_module_types(WORD(data + 0x07), " ", module->type);
-	dmi_memory_module_size(data[0x09], module->installed_size);
-	dmi_memory_module_size(data[0x0A], module->enabled_size);
+	dmi_memory_module_types(WORD(data + 0x07), " ", module->type, sizeof(module->type));
+	dmi_memory_module_size(data[0x09], module->installed_size, sizeof(module->installed_size));
+	dmi_memory_module_size(data[0x0A], module->enabled_size, sizeof(module->enabled_size));
 	dmi_memory_module_error(data[0x0B], "\t\t", module->error_status);
 	break;
     case 7:			/* 3.3.8 Cache Information */
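Review bot: `dmi_memory_module_speed` and `dmi_memory_module_error` are still called with a bare destination pointer in this block, so the memory-module decode path is only partly bounded. dmi_memory.c shows `sprintf(speed, "%u ns", code);` for the former; the body of the latter is not visible here, so whether it can overrun is an assumption to check. Giving both the same size argument as the calls changed here would make the block consistent. The new calls also run well past the line width that the wrapped `strlcpy` calls around them keep to. The `case` body starts outside the hunk.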
@@ -836,7 +838,7 @@ void dmi_decode(struct dmi_header *h, uint16_t ver, s_dmi * dmi)
 		sizeof(mem->bank_locator));
 	strlcpy(mem->type, dmi_memory_device_type(data[0x12]),
 		sizeof(mem->type));
-	dmi_memory_device_type_detail(WORD(data + 0x13), mem->type_detail);
+	dmi_memory_device_type_detail(WORD(data + 0x13), mem->type_detail, sizeof(mem->type_detail));
 	if (h->length < 0x17)
 	    break;
 	dmi_memory_device_speed(WORD(data + 0x15), mem->speed);
diff --git a/com32/gpllib/dmi/dmi_memory.c b/com32/gpllib/dmi/dmi_memory.c
index a1f2b44..2145829 100644
--- a/com32/gpllib/dmi/dmi_memory.c
+++ b/com32/gpllib/dmi/dmi_memory.c
@@ -132,7 +132,7 @@ const char *dmi_memory_device_type(uint8_t code)
     return out_of_spec;
 }
 
-void dmi_memory_device_type_detail(uint16_t code, char *type_detail)
+void dmi_memory_device_type_detail(uint16_t code, char *type_detail, int sizeof_type_detail)
 {
     /* 3.3.18.3 */
     static const char *detail[] = {
@@ -157,7 +157,7 @@ void dmi_memory_device_type_detail(uint16_t code, char *type_detail)
 
 	for (i = 1; i <= 12; i++)
 	    if (code & (1 << i))
-		snprintf(type_detail,sizeof(type_detail), "%s", detail[i - 1]);
+		snprintf(type_detail, sizeof_type_detail, "%s", detail[i - 1]);
     }
 }
 
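Review bot: Each `snprintf` in the loop writes from the start of `type_detail`, so when several bits of `code` are set only the string for the highest one survives; the corrected bound fixes the size but not this. If the intent is to list every set flag (an assumption, since the start of the function is outside the hunk), the loop needs to append at a tracked offset and stop when the buffer is full, as sketched below. The single-space separator in the sketch is my choice, not something the page specifies.

```c
	size_t off = 0;
	size_t cap = (size_t)sizeof_type_detail;

	for (i = 1; i <= 12; i++) {
	    int n;

	    if (!(code & (1 << i)))
		continue;
	    /* append at the current end instead of restarting at offset 0 */
	    n = snprintf(type_detail + off, cap - off, "%s%s",
			 off ? " " : "", detail[i - 1]);
	    if (n < 0 || (size_t)n >= cap - off)
		break;		/* truncated: buffer is full */
	    off += (size_t)n;
	}
```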
@@ -173,7 +173,7 @@ void dmi_memory_device_speed(uint16_t code, char *speed)
  * 3.3.7 Memory Module Information (Type 6)
  */
 
-void dmi_memory_module_types(uint16_t code, const char *sep, char *type)
+void dmi_memory_module_types(uint16_t code, const char *sep, char *type, int sizeof_type)
 {
     /* 3.3.7.1 */
     static const char *types[] = {
@@ -197,11 +197,11 @@ void dmi_memory_module_types(uint16_t code, const char *sep, char *type)
 
 	for (i = 0; i <= 10; i++)
 	    if (code & (1 << i))
-		snprintf(type,sizeof(type), "%s%s%s", type, sep, types[i]);
+		snprintf(type, sizeof_type, "%s%s%s", type, sep, types[i]);
     }
 }
 
-void dmi_memory_module_connections(uint8_t code, char *connection)
+void dmi_memory_module_connections(uint8_t code, char *connection, int sizeof_connection)
 {
     if (code == 0xFF)
 	sprintf(connection, "%s", "None");
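Review bot: `snprintf(type, sizeof_type, "%s%s%s", type, sep, types[i]);` passes `type` as both the destination and a `%s` source, and the C standard leaves snprintf undefined when source and destination overlap, so the append can corrupt the string even with the correct bound. Appending at the current end avoids the overlap: `size_t len = strlen(type);` then `if (len < (size_t)sizeof_type) snprintf(type + len, sizeof_type - len, "%s%s", sep, types[i]);`. The same self-referencing call appears in dmi_memory_module_connections and twice in dmi_memory_module_size later in this file. Both functions touched by this hunk start or end outside it.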
@@ -209,7 +209,7 @@ void dmi_memory_module_connections(uint8_t code, char *connection)
 	if ((code & 0xF0) != 0xF0)
 	    sprintf(connection, "%u ", code >> 4);
 	if ((code & 0x0F) != 0x0F)
-	    snprintf(connection,sizeof(connection), "%s%u", connection, code & 0x0F);
+	    snprintf(connection, sizeof_connection, "%s%u", connection, code & 0x0F);
     }
 }
 
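Review bot: When the upper nibble of `code` is 0xF the `sprintf` on the first branch is skipped, so the `snprintf` below reads whatever `connection` already held through its `%s` argument; the result then depends on the caller having zeroed the buffer. Setting `connection[0] = '\0';` before the two nibble tests makes the function self-contained. The first `sprintf(connection, "%u ", code >> 4);` is also still unbounded although the size is now available; `snprintf(connection, sizeof_connection, "%u ", code >> 4);` would match the rest of the change. The function starts in the preceding hunk.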
@@ -221,7 +221,7 @@ void dmi_memory_module_speed(uint8_t code, char *speed)
 	sprintf(speed, "%u ns", code);
 }
 
-void dmi_memory_module_size(uint8_t code, char *size)
+void dmi_memory_module_size(uint8_t code, char *size, int sizeof_size)
 {
     /* 3.3.7.2 */
     switch (code & 0x7F) {
@@ -239,9 +239,9 @@ void dmi_memory_module_size(uint8_t code, char *size)
     }
 
     if (code & 0x80)
-	snprintf(size,sizeof(size),"%s %s", size, "(Double-bank Connection)");
+	snprintf(size, sizeof_size, "%s %s", size, "(Double-bank Connection)");
     else
-	snprintf(size,sizeof(size), "%s %s", size, "(Single-bank Connection)");
+	snprintf(size, sizeof_size, "%s %s", size, "(Single-bank Connection)");
 }
 
 void dmi_memory_module_error(uint8_t code, const char *prefix, char *error)


