Update length more correctly when parsing a cis info field.

Before, we were using
	while (*p++ && --len > 0);
to do this.  However, len doesn't get decremented for the NUL byte, so when
we used len later to see if we still have CIS left for some optional fields,
we'd run off the end of an array and dump core.

Instead, replace it with
	len -= strlen(p) + 1;
	p += strlen(p) + 1;
which is more correct.  It is a little bogus to assume that p points to
a valid, NUL-terminated C string, but only a little.  The PC Card SPEC
mandates that it does, and we already depend on that with the use of strdup a few lines
earlier.  Since much of the rest of the cis parsing code isn't hyper
retentive about error checking, I'll leave that level of checking for
another time and/or another committer :-).
imp 2002-01-06 18:03:55 +00:00
parent 36984008da
commit 08bd33abdf


@ -203,7 +203,8 @@ cis_info(struct cis *cp, unsigned char *p, int len)
} }
if (len > 1 && *p != 0xff) { if (len > 1 && *p != 0xff) {
cp->manuf = strdup(p); cp->manuf = strdup(p);
while (*p++ && --len > 0); len -= strlen(p) + 1;
p += strlen(p) + 1;
} }
if (cp->vers) { if (cp->vers) {
free(cp->vers); free(cp->vers);
@ -211,9 +212,10 @@ cis_info(struct cis *cp, unsigned char *p, int len)
} }
if (len > 1 && *p != 0xff) { if (len > 1 && *p != 0xff) {
cp->vers = strdup(p); cp->vers = strdup(p);
while (*p++ && --len > 0); len -= strlen(p) + 1;
p += strlen(p) + 1;
} else { } else {
cp->vers = strdup("?"); cp->vers = strdup("[none]");
} }
if (cp->add_info1) { if (cp->add_info1) {
free(cp->add_info1); free(cp->add_info1);
@ -221,7 +223,10 @@ cis_info(struct cis *cp, unsigned char *p, int len)
} }
if (len > 1 && *p != 0xff) { if (len > 1 && *p != 0xff) {
cp->add_info1 = strdup(p); cp->add_info1 = strdup(p);
while (*p++ && --len > 0); len -= strlen(p) + 1;
p += strlen(p) + 1;
} else {
cp->add_info1 = strdup("[none]");
} }
if (cp->add_info2) { if (cp->add_info2) {
free(cp->add_info2); free(cp->add_info2);
@ -229,6 +234,8 @@ cis_info(struct cis *cp, unsigned char *p, int len)
} }
if (len > 1 && *p != 0xff) if (len > 1 && *p != 0xff)
cp->add_info2 = strdup(p); cp->add_info2 = strdup(p);
else
cp->add_info2 = strdup("[none]");
} }
/* /*