folkert/simh-testsetgenerator
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

PDP11, VAX: Avoid strcpy use on overlapping buffers when creating and referencing VHDs.

Browse source
This commit is contained in:
Mark Pizzolato 2014-03-18 00:44:37 -07:00
parent d04e909d5f
commit 4db30c13dd
1 changed files with 17 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
sim_disk.c
View file

@ -1461,11 +1461,11 @@ if ((namebuf = (char *) malloc (1 + strlen (uptr->filename))) == NULL) {
} }
strcpy (namebuf, uptr->filename); strcpy (namebuf, uptr->filename);
if ((c = strrchr (namebuf, '/'))) if ((c = strrchr (namebuf, '/')))
strcpy (namebuf, c+1); memcpy (namebuf, c+1, strlen(c+1)+1);
if ((c = strrchr (namebuf, '\\'))) if ((c = strrchr (namebuf, '\\')))
strcpy (namebuf, c+1); memcpy (namebuf, c+1, strlen(c+1)+1);
if ((c = strrchr (namebuf, ']'))) if ((c = strrchr (namebuf, ']')))
strcpy (namebuf, c+1); memcpy (namebuf, c+1, strlen(c+1)+1);
packid = eth_crc32(0, namebuf, strlen (namebuf)); packid = eth_crc32(0, namebuf, strlen (namebuf));
buf[0] = (uint16)packid; buf[0] = (uint16)packid;
buf[1] = (uint16)(packid >> 16) & 0x7FFF; /* Make sure MSB is clear */ buf[1] = (uint16)(packid >> 16) & 0x7FFF; /* Make sure MSB is clear */
@ -3373,7 +3373,7 @@ if ((szFileSpec[0] != '/') || (strchr (szFileSpec, ':')))
else else
strncpy (szFullFileSpecBuffer, szFileSpec, BufferSize); strncpy (szFullFileSpecBuffer, szFileSpec, BufferSize);
if ((c = strstr (szFullFileSpecBuffer, "]/"))) if ((c = strstr (szFullFileSpecBuffer, "]/")))
strcpy (c+1, c+2); memcpy (c+1, c+2, strlen(c+2)+1);
memset (szFullFileSpecBuffer + strlen (szFullFileSpecBuffer), 0, BufferSize - strlen (szFullFileSpecBuffer)); memset (szFullFileSpecBuffer + strlen (szFullFileSpecBuffer), 0, BufferSize - strlen (szFullFileSpecBuffer));
#endif #endif
} }
@ -3386,6 +3386,8 @@ HostPathToVhdPath (const char *szHostPath,
char *c, *d; char *c, *d;
strncpy (szVhdPath, szHostPath, VhdPathSize-1); strncpy (szVhdPath, szHostPath, VhdPathSize-1);
if ((szVhdPath[1] == ':') && islower(szVhdPath[0]))
szVhdPath[0] = toupper(szVhdPath[0]);
szVhdPath[VhdPathSize-1] = '\0'; szVhdPath[VhdPathSize-1] = '\0';
if ((c = strrchr (szVhdPath, ']'))) { if ((c = strrchr (szVhdPath, ']'))) {
*c = '\0'; *c = '\0';
@ -3399,14 +3401,14 @@ if ((c = strrchr (szVhdPath, ']'))) {
while ((c = strchr (szVhdPath, '/'))) while ((c = strchr (szVhdPath, '/')))
*c = '\\'; *c = '\\';
for (c = strstr (szVhdPath, "\\.\\"); c; c = strstr (szVhdPath, "\\.\\")) for (c = strstr (szVhdPath, "\\.\\"); c; c = strstr (szVhdPath, "\\.\\"))
strcpy (c, c+2); memcpy (c, c+2, strlen(c+2)+1);
for (c = strstr (szVhdPath, "\\\\"); c; c = strstr (szVhdPath, "\\\\")) for (c = strstr (szVhdPath, "\\\\"); c; c = strstr (szVhdPath, "\\\\"))
strcpy (c, c+1); memcpy (c, c+1, strlen(c+1)+1);
while ((c = strstr (szVhdPath, "\\..\\"))) { while ((c = strstr (szVhdPath, "\\..\\"))) {
*c = '\0'; *c = '\0';
d = strrchr (szVhdPath, '\\'); d = strrchr (szVhdPath, '\\');
if (d) if (d)
strcpy (d, c+3); memcpy (d, c+3, strlen(c+3)+1);
else else
return d; return d;
} }
@ -3460,6 +3462,7 @@ char *FullParentVHDPath = NULL;
char *RelativeParentVHDPathUnicode = NULL; char *RelativeParentVHDPathUnicode = NULL;
char *FullParentVHDPathUnicode = NULL; char *FullParentVHDPathUnicode = NULL;
char *FullVHDPath = NULL; char *FullVHDPath = NULL;
char *TempPath = NULL;
size_t i, RelativeMatch, UpDirectories, LocatorsWritten = 0; size_t i, RelativeMatch, UpDirectories, LocatorsWritten = 0;
int64 LocatorPosition; int64 LocatorPosition;
@ -3486,14 +3489,15 @@ FullParentVHDPath = (char*) calloc (1, BytesPerSector+2);
RelativeParentVHDPathUnicode = (char*) calloc (1, BytesPerSector+2); RelativeParentVHDPathUnicode = (char*) calloc (1, BytesPerSector+2);
FullParentVHDPathUnicode = (char*) calloc (1, BytesPerSector+2); FullParentVHDPathUnicode = (char*) calloc (1, BytesPerSector+2);
FullVHDPath = (char*) calloc (1, BytesPerSector+2); FullVHDPath = (char*) calloc (1, BytesPerSector+2);
ExpandToFullPath (szParentVHDPath, FullParentVHDPath, BytesPerSector); TempPath = (char*) calloc (1, BytesPerSector+2);
HostPathToVhdPath (FullParentVHDPath, FullParentVHDPath, BytesPerSector); ExpandToFullPath (szParentVHDPath, TempPath, BytesPerSector);
HostPathToVhdPath (TempPath, FullParentVHDPath, BytesPerSector);
for (i=0; i < strlen (FullParentVHDPath); i++) for (i=0; i < strlen (FullParentVHDPath); i++)
hVHD->Dynamic.ParentUnicodeName[i*2+1] = FullParentVHDPath[i]; /* Big Endian Unicode */ hVHD->Dynamic.ParentUnicodeName[i*2+1] = FullParentVHDPath[i]; /* Big Endian Unicode */
for (i=0; i < strlen (FullParentVHDPath); i++) for (i=0; i < strlen (FullParentVHDPath); i++)
FullParentVHDPathUnicode[i*2] = FullParentVHDPath[i]; /* Little Endian Unicode */ FullParentVHDPathUnicode[i*2] = FullParentVHDPath[i]; /* Little Endian Unicode */
ExpandToFullPath (szVHDPath, FullVHDPath, BytesPerSector); ExpandToFullPath (szVHDPath, TempPath, BytesPerSector);
HostPathToVhdPath (FullVHDPath, FullVHDPath, BytesPerSector); HostPathToVhdPath (TempPath, FullVHDPath, BytesPerSector);
for (i=0, RelativeMatch=UpDirectories=0; i<strlen(FullVHDPath); i++) for (i=0, RelativeMatch=UpDirectories=0; i<strlen(FullVHDPath); i++)
if (FullVHDPath[i] == '\\') { if (FullVHDPath[i] == '\\') {
if (memcmp (FullVHDPath, FullParentVHDPath, i+1)) if (memcmp (FullVHDPath, FullParentVHDPath, i+1))
@ -3532,6 +3536,7 @@ if (RelativeMatch) {
++LocatorsWritten; ++LocatorsWritten;
} }
hVHD->Dynamic.TableOffset = NtoHll (((LocatorPosition+LocatorsWritten*BytesPerSector + VHD_DATA_BLOCK_ALIGNMENT - 1)/VHD_DATA_BLOCK_ALIGNMENT)*VHD_DATA_BLOCK_ALIGNMENT); hVHD->Dynamic.TableOffset = NtoHll (((LocatorPosition+LocatorsWritten*BytesPerSector + VHD_DATA_BLOCK_ALIGNMENT - 1)/VHD_DATA_BLOCK_ALIGNMENT)*VHD_DATA_BLOCK_ALIGNMENT);
hVHD->Dynamic.Checksum = 0;
hVHD->Dynamic.Checksum = NtoHl (CalculateVhdFooterChecksum (&hVHD->Dynamic, sizeof(hVHD->Dynamic))); hVHD->Dynamic.Checksum = NtoHl (CalculateVhdFooterChecksum (&hVHD->Dynamic, sizeof(hVHD->Dynamic)));
hVHD->Footer.Checksum = 0; hVHD->Footer.Checksum = 0;
hVHD->Footer.DiskType = NtoHl (VHD_DT_Differencing); hVHD->Footer.DiskType = NtoHl (VHD_DT_Differencing);
@ -3595,6 +3600,7 @@ free (FullParentVHDPath);
free (RelativeParentVHDPathUnicode); free (RelativeParentVHDPathUnicode);
free (FullParentVHDPathUnicode); free (FullParentVHDPathUnicode);
free (FullVHDPath); free (FullVHDPath);
free (TempPath);
sim_vhd_disk_close ((FILE *)hVHD); sim_vhd_disk_close ((FILE *)hVHD);
hVHD = NULL; hVHD = NULL;
if (Status) { if (Status) {