Add a validbcd() routine that uses the bcd2bin_data[] array and returns a

bool indicating whether the input value represents a valid BCD byte. The existing bcd2bin() routine will KASSERT if asked to convert a bad value, but sometimes the kernel has to handle BCD data from untrusted sources, so this will provide a mechanism to validate data before attempting conversion. This would be have easier/cleaner if the bcd2bin_data[] array contained an out-of-range value (such as 0xff) in the infill locations that aren't valid, but it's a global symbol that might be referenced by out-of-tree code relying on the current scheme, so I'm leaving that alone.
2017-12-31 22:43:24 +00:00 · 2017-12-31 22:43:24 +00:00 · 97b17432b4
commit 97b17432b4
parent 73ace5c469
2 changed files with 8 additions and 0 deletions
--- a/stand/libsa/stand.h
+++ b/stand/libsa/stand.h
@ -354,6 +354,7 @@ extern char const	hex2ascii_data[];
 #define	bcd2bin(bcd)	(bcd2bin_data[bcd])
 #define	bin2bcd(bin)	(bin2bcd_data[bin])
 #define	hex2ascii(hex)	(hex2ascii_data[hex])
+#define	validbcd(bcd)	(bcd == 0 || (bcd > 0 && bcd <= 0x99 && bcd2bin_data[bcd] != 0))

 /* min/max (undocumented) */
 static __inline int imax(int a, int b) { return (a > b ? a : b); }
--- a/sys/sys/libkern.h
+++ b/sys/sys/libkern.h
@ -82,6 +82,13 @@ hex2ascii(int hex)
 	return (hex2ascii_data[hex]);
 }

+static inline bool
+validbcd(int bcd)
+{
+
+	return (bcd == 0 || (bcd > 0 && bcd <= 0x99 && bcd2bin_data[bcd] != 0));
+}
+
 static __inline int imax(int a, int b) { return (a > b ? a : b); }
 static __inline int imin(int a, int b) { return (a < b ? a : b); }
 static __inline long lmax(long a, long b) { return (a > b ? a : b); }