aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Richter <stefanr@s5r6.in-berlin.de>2007-01-03 13:32:13 -0500
committerStefan Richter <stefanr@s5r6.in-berlin.de>2007-02-08 14:59:03 -0500
commitb2051f887351864d862160e75bc24362c7af8914 (patch)
treed4e2b95a04fedbe6cbb21302dbd36259e6b4f26f
parente658bc556b3b2e699c5d9ba65fcc955f35105f42 (diff)
ieee1394: nodemgr: check info_length in ROM header earlier
The whole ROM area which is covered by the crc_length field of the ROM header was fetched before the info_length field was checked for correct general ROM format. This might be wasteful or even dangerous with nodes with minimal ROM, nonstandard ROM, or corrupt ROM. Perform this check at the earliest opportunity. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
-rw-r--r--drivers/ieee1394/csr1212.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/drivers/ieee1394/csr1212.c b/drivers/ieee1394/csr1212.c
index 889ea0dfe2db..c28f639823d2 100644
--- a/drivers/ieee1394/csr1212.c
+++ b/drivers/ieee1394/csr1212.c
@@ -1234,6 +1234,12 @@ static int csr1212_parse_bus_info_block(struct csr1212_csr *csr)
1234 csr->private); 1234 csr->private);
1235 if (ret != CSR1212_SUCCESS) 1235 if (ret != CSR1212_SUCCESS)
1236 return ret; 1236 return ret;
1237
1238 /* check ROM header's info_length */
1239 if (i == 0 &&
1240 CSR1212_BE32_TO_CPU(csr->cache_head->data[0]) >> 24 !=
1241 bytes_to_quads(csr->bus_info_len) - 1)
1242 return CSR1212_EINVAL;
1237 } 1243 }
1238 1244
1239 bi = (struct csr1212_bus_info_block_img*)csr->cache_head->data; 1245 bi = (struct csr1212_bus_info_block_img*)csr->cache_head->data;
@@ -1250,9 +1256,6 @@ static int csr1212_parse_bus_info_block(struct csr1212_csr *csr)
1250 return ret; 1256 return ret;
1251 } 1257 }
1252 1258
1253 if (bytes_to_quads(csr->bus_info_len - sizeof(csr1212_quad_t)) != bi->length)
1254 return CSR1212_EINVAL;
1255
1256#if 0 1259#if 0
1257 /* Apparently there are too many differnt wrong implementations of the 1260 /* Apparently there are too many differnt wrong implementations of the
1258 * CRC algorithm that verifying them is moot. */ 1261 * CRC algorithm that verifying them is moot. */