patch-2.4.23 linux-2.4.23/drivers/acpi/resources/rsaddr.c
- Lines: 126
- Date:
2003-11-28 10:26:19.000000000 -0800
- Orig file:
linux-2.4.22/drivers/acpi/resources/rsaddr.c
- Orig date:
2003-08-25 04:44:41.000000000 -0700
diff -urN linux-2.4.22/drivers/acpi/resources/rsaddr.c linux-2.4.23/drivers/acpi/resources/rsaddr.c
@@ -94,6 +94,12 @@
buffer += 1;
ACPI_MOVE_16_TO_16 (&temp16, buffer);
+ /* Validate minimum descriptor length */
+
+ if (temp16 < 13) {
+ return_ACPI_STATUS (AE_AML_BAD_RESOURCE_LENGTH);
+ }
+
*bytes_consumed = temp16 + 3;
output_struct->id = ACPI_RSTYPE_ADDRESS16;
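Review bot: The new check in the 16-bit address parser enforces only a lower bound on the length field: `temp16 < 13` rejects a descriptor shorter than its fixed fields, but nothing visible in this hunk compares `temp16 + 3` with the number of bytes actually left in the resource buffer, so an oversized length read from the AML stream would still be accepted here. The function body starts and ends outside the hunk, so I cannot tell whether the caller already bounds it; if it does not, an upper-bound check belongs next to this one. The literals 13, 23 and 43 used here and in the matching 32-bit and 64-bit hunks are also unexplained; a comment such as `/* 3 flag bytes + 5 fixed-width fields (granularity, min, max, translation, length) */` or a named constant per descriptor type would make them auditable.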
@@ -199,8 +205,11 @@
* pointer to where the null terminated string goes:
* Each Interrupt takes 32-bits + the 5 bytes of the
* stream that are default.
+ *
+ * Note: Some resource descriptors will have an additional null, so
+ * we add 1 to the length.
*/
- if (*bytes_consumed > 16) {
+ if (*bytes_consumed > (16 + 1)) {
/* Dereference the Index */
temp8 = *buffer;
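Review bot: Once the `*bytes_consumed > (16 + 1)` branch is taken, `temp8 = *buffer` and whatever string handling follows outside the hunk read bytes whose presence is only implied by the descriptor's own length field. Nothing visible here limits that read to `*bytes_consumed`, so if the copy scans for a terminating null it should also stop at the end of the descriptor. The threshold would be easier to audit if it were derived from the minimum descriptor length rather than written as a second bare literal. The context comment about "Each Interrupt takes 32-bits + the 5 bytes" does not describe an address descriptor and looks carried over from the interrupt parser. The same points apply to the `(26 + 1)` and `(46 + 1)` hunks.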
@@ -401,7 +410,7 @@
/*
* Buffer needs to be set to the length of the sting + one for the
- * terminating null
+ * terminating null
*/
buffer += (acpi_size)(ACPI_STRLEN (linked_list->data.address16.resource_source.string_ptr) + 1);
}
@@ -470,8 +479,14 @@
*/
buffer += 1;
ACPI_MOVE_16_TO_16 (&temp16, buffer);
- *bytes_consumed = temp16 + 3;
+ /* Validate minimum descriptor length */
+
+ if (temp16 < 23) {
+ return_ACPI_STATUS (AE_AML_BAD_RESOURCE_LENGTH);
+ }
+
+ *bytes_consumed = temp16 + 3;
output_struct->id = ACPI_RSTYPE_ADDRESS32;
/*
@@ -578,8 +593,11 @@
* This will leave us pointing to the Resource Source Index
* If it is present, then save it off and calculate the
* pointer to where the null terminated string goes:
+ *
+ * Note: Some resource descriptors will have an additional null, so
+ * we add 1 to the length.
*/
- if (*bytes_consumed > 26) {
+ if (*bytes_consumed > (26 + 1)) {
/* Dereference the Index */
temp8 = *buffer;
@@ -616,8 +634,8 @@
/*
* In order for the struct_size to fall on a 32-bit boundary,
- * calculate the length of the string and expand the
- * struct_size to the next 32-bit boundary.
+ * calculate the length of the string and expand the
+ * struct_size to the next 32-bit boundary.
*/
temp8 = (u8) (index + 1);
struct_size += ACPI_ROUND_UP_to_32_bITS (temp8);
@@ -848,6 +866,12 @@
buffer += 1;
ACPI_MOVE_16_TO_16 (&temp16, buffer);
+ /* Validate minimum descriptor length */
+
+ if (temp16 < 43) {
+ return_ACPI_STATUS (AE_AML_BAD_RESOURCE_LENGTH);
+ }
+
*bytes_consumed = temp16 + 3;
output_struct->id = ACPI_RSTYPE_ADDRESS64;
@@ -958,8 +982,11 @@
* pointer to where the null terminated string goes:
* Each Interrupt takes 32-bits + the 5 bytes of the
* stream that are default.
+ *
+ * Note: Some resource descriptors will have an additional null, so
+ * we add 1 to the length.
*/
- if (*bytes_consumed > 46) {
+ if (*bytes_consumed > (46 + 1)) {
/* Dereference the Index */
temp8 = *buffer;
@@ -992,7 +1019,6 @@
* Add the terminating null
*/
*temp_ptr = 0x00;
-
output_struct->data.address64.resource_source.string_length = index + 1;
/*
@@ -1064,7 +1090,6 @@
/*
* Set a pointer to the Length field - to be filled in later
*/
-
length_field = ACPI_CAST_PTR (u16, buffer);
buffer += 2;
@@ -1161,7 +1186,7 @@
/*
* Buffer needs to be set to the length of the sting + one for the
- * terminating null
+ * terminating null
*/
buffer += (acpi_size)(ACPI_STRLEN (linked_list->data.address64.resource_source.string_ptr) + 1);
}