Chameleon Commit Details - 2039 - Chameleon open source boot loader project.

Date:

2012-08-05 21:39:51 (11 years 8 months ago)

Author:

armel cadet-petit

Commit:

2039

Parents:

2038

Message:

Fixed a buffer overflow in the plist loader, minor change in smbios.c (should i port back all my security fixes )

Changes:

M	/trunk/Chameleon.xcodeproj/project.pbxproj
M	/trunk/i386/libsaio/saio_types.h
M	/trunk/CHANGES
M	/trunk/i386/libsaio/smbios.c
M	/trunk/i386/libsaio/bootstruct.h

File differences

-1120
1121 1121
1122 1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1123 1140
1124 1141
1125 1142
... ...
2682 2699
2683 2700
2684 2701
2702
2685 2703
2686 2704
2687 2705
... ...
3068 3086
3069 3087
3070 3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3071 3121
3072 3122
3073 3123
+␉␉AB1DE71A15B6E2D00088E06B /* Makefile */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.make; path = Makefile; sourceTree = "<group>"; };␊
␉␉AB1DE71B15B6E2D00088E06B /* Sata.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = Sata.c; sourceTree = "<group>"; };␊
␉␉AB47D38A15B702F00083D898 /* org.chameleon.Boot.nvidia.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = org.chameleon.Boot.nvidia.plist; sourceTree = "<group>"; };␊
␉␉AB4DDA8D15CEFF2100E77157 /* acpi_codec.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acpi_codec.c; sourceTree = "<group>"; };␊
␉␉AB4DDA8E15CEFF2100E77157 /* acpi_tools.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acpi_tools.c; sourceTree = "<group>"; };␊
␉␉AB4DDA8F15CEFF2100E77157 /* acpicode.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acpicode.c; sourceTree = "<group>"; };␊
␉␉AB4DDA9015CEFF2100E77157 /* ACPICodec.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ACPICodec.c; sourceTree = "<group>"; };␊
␉␉AB4DDA9115CEFF2100E77157 /* acpidecode.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acpidecode.c; sourceTree = "<group>"; };␊
␉␉AB4DDA9215CEFF2100E77157 /* Cconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Cconfig; sourceTree = "<group>"; };␊
␉␉AB4DDA9415CEFF2100E77157 /* acpi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpi.h; sourceTree = "<group>"; };␊
␉␉AB4DDA9515CEFF2100E77157 /* acpi_codec.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpi_codec.h; sourceTree = "<group>"; };␊
␉␉AB4DDA9615CEFF2100E77157 /* acpi_tools.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpi_tools.h; sourceTree = "<group>"; };␊
␉␉AB4DDA9715CEFF2100E77157 /* acpicode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpicode.h; sourceTree = "<group>"; };␊
␉␉AB4DDA9815CEFF2100E77157 /* acpidecode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpidecode.h; sourceTree = "<group>"; };␊
␉␉AB4DDA9915CEFF2100E77157 /* datatype.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = datatype.h; sourceTree = "<group>"; };␊
␉␉AB4DDA9A15CEFF2100E77157 /* intel_acpi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = intel_acpi.h; sourceTree = "<group>"; };␊
␉␉AB4DDA9B15CEFF2100E77157 /* ppm.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ppm.h; sourceTree = "<group>"; };␊
␉␉AB4DDA9C15CEFF2100E77157 /* ppmsetup.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ppmsetup.h; sourceTree = "<group>"; };␊
␉␉AB4DDA9D15CEFF2100E77157 /* Makefile */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.make; path = Makefile; sourceTree = "<group>"; };␊
␉␉AB4DDA9E15CEFF2100E77157 /* Readme.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Readme.txt; sourceTree = "<group>"; };␊
␉␉ABE4A59C15B6EA73007812A6 /* nvidia_helper.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nvidia_helper.h; sourceTree = "<group>"; };␊
␉␉ABE4A59D15B6EA73007812A6 /* nvidia_helper.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = nvidia_helper.c; sourceTree = "<group>"; };␊
␉␉B0056CE711F3868000754B65 /* boot0.s */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; path = boot0.s; sourceTree = "<group>"; };␊

␉␉A3561CAB1414024C00E9B51E /* modules */ = {␊
␉␉␉isa = PBXGroup;␊
␉␉␉children = (␊
␉␉␉␉AB4DDA8C15CEFF2100E77157 /* AcpiCodec */,␊
␉␉␉␉A3561CAC1414024C00E9B51E /* Cconfig */,␊
␉␉␉␉A3561CAD1414024C00E9B51E /* HelloWorld */,␊
␉␉␉␉A3561CB21414024C00E9B51E /* include */,␊

␉␉␉path = include;␊
␉␉␉sourceTree = "<group>";␊
␉␉};␊
␉␉AB4DDA8C15CEFF2100E77157 /* AcpiCodec */ = {␊
␉␉␉isa = PBXGroup;␊
␉␉␉children = (␊
␉␉␉␉AB4DDA8D15CEFF2100E77157 /* acpi_codec.c */,␊
␉␉␉␉AB4DDA8E15CEFF2100E77157 /* acpi_tools.c */,␊
␉␉␉␉AB4DDA8F15CEFF2100E77157 /* acpicode.c */,␊
␉␉␉␉AB4DDA9015CEFF2100E77157 /* ACPICodec.c */,␊
␉␉␉␉AB4DDA9115CEFF2100E77157 /* acpidecode.c */,␊
␉␉␉␉AB4DDA9215CEFF2100E77157 /* Cconfig */,␊
␉␉␉␉AB4DDA9315CEFF2100E77157 /* include */,␊
␉␉␉␉AB4DDA9D15CEFF2100E77157 /* Makefile */,␊
␉␉␉␉AB4DDA9E15CEFF2100E77157 /* Readme.txt */,␊
␉␉␉);␊
␉␉␉path = AcpiCodec;␊
␉␉␉sourceTree = "<group>";␊
␉␉};␊
␉␉AB4DDA9315CEFF2100E77157 /* include */ = {␊
␉␉␉isa = PBXGroup;␊
␉␉␉children = (␊
␉␉␉␉AB4DDA9415CEFF2100E77157 /* acpi.h */,␊
␉␉␉␉AB4DDA9515CEFF2100E77157 /* acpi_codec.h */,␊
␉␉␉␉AB4DDA9615CEFF2100E77157 /* acpi_tools.h */,␊
␉␉␉␉AB4DDA9715CEFF2100E77157 /* acpicode.h */,␊
␉␉␉␉AB4DDA9815CEFF2100E77157 /* acpidecode.h */,␊
␉␉␉␉AB4DDA9915CEFF2100E77157 /* datatype.h */,␊
␉␉␉␉AB4DDA9A15CEFF2100E77157 /* intel_acpi.h */,␊
␉␉␉␉AB4DDA9B15CEFF2100E77157 /* ppm.h */,␊
␉␉␉␉AB4DDA9C15CEFF2100E77157 /* ppmsetup.h */,␊
␉␉␉);␊
␉␉␉path = include;␊
␉␉␉sourceTree = "<group>";␊
␉␉};␊
␉␉B0056CE511F3868000754B65 /* i386 */ = {␊
␉␉␉isa = PBXGroup;␊
␉␉␉children = (␊
 ...
 ...
 ␉␉AB1DE71A15B6E2D00088E06B /* Makefile */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.make; path = Makefile; sourceTree = "<group>"; };␊
 ␉␉AB1DE71B15B6E2D00088E06B /* Sata.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = Sata.c; sourceTree = "<group>"; };␊
 ␉␉AB47D38A15B702F00083D898 /* org.chameleon.Boot.nvidia.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = org.chameleon.Boot.nvidia.plist; sourceTree = "<group>"; };␊
+␉␉AB4DDA8D15CEFF2100E77157 /* acpi_codec.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acpi_codec.c; sourceTree = "<group>"; };␊
+␉␉AB4DDA8E15CEFF2100E77157 /* acpi_tools.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acpi_tools.c; sourceTree = "<group>"; };␊
+␉␉AB4DDA8F15CEFF2100E77157 /* acpicode.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acpicode.c; sourceTree = "<group>"; };␊
+␉␉AB4DDA9015CEFF2100E77157 /* ACPICodec.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ACPICodec.c; sourceTree = "<group>"; };␊
+␉␉AB4DDA9115CEFF2100E77157 /* acpidecode.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acpidecode.c; sourceTree = "<group>"; };␊
+␉␉AB4DDA9215CEFF2100E77157 /* Cconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Cconfig; sourceTree = "<group>"; };␊
+␉␉AB4DDA9415CEFF2100E77157 /* acpi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpi.h; sourceTree = "<group>"; };␊
+␉␉AB4DDA9515CEFF2100E77157 /* acpi_codec.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpi_codec.h; sourceTree = "<group>"; };␊
+␉␉AB4DDA9615CEFF2100E77157 /* acpi_tools.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpi_tools.h; sourceTree = "<group>"; };␊
+␉␉AB4DDA9715CEFF2100E77157 /* acpicode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpicode.h; sourceTree = "<group>"; };␊
+␉␉AB4DDA9815CEFF2100E77157 /* acpidecode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpidecode.h; sourceTree = "<group>"; };␊
+␉␉AB4DDA9915CEFF2100E77157 /* datatype.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = datatype.h; sourceTree = "<group>"; };␊
+␉␉AB4DDA9A15CEFF2100E77157 /* intel_acpi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = intel_acpi.h; sourceTree = "<group>"; };␊
+␉␉AB4DDA9B15CEFF2100E77157 /* ppm.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ppm.h; sourceTree = "<group>"; };␊
+␉␉AB4DDA9C15CEFF2100E77157 /* ppmsetup.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ppmsetup.h; sourceTree = "<group>"; };␊
+␉␉AB4DDA9D15CEFF2100E77157 /* Makefile */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.make; path = Makefile; sourceTree = "<group>"; };␊
+␉␉AB4DDA9E15CEFF2100E77157 /* Readme.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Readme.txt; sourceTree = "<group>"; };␊
 ␉␉ABE4A59C15B6EA73007812A6 /* nvidia_helper.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nvidia_helper.h; sourceTree = "<group>"; };␊
 ␉␉ABE4A59D15B6EA73007812A6 /* nvidia_helper.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = nvidia_helper.c; sourceTree = "<group>"; };␊
 ␉␉B0056CE711F3868000754B65 /* boot0.s */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; path = boot0.s; sourceTree = "<group>"; };␊
 ␉␉A3561CAB1414024C00E9B51E /* modules */ = {␊
 ␉␉␉isa = PBXGroup;␊
 ␉␉␉children = (␊
+␉␉␉␉AB4DDA8C15CEFF2100E77157 /* AcpiCodec */,␊
 ␉␉␉␉A3561CAC1414024C00E9B51E /* Cconfig */,␊
 ␉␉␉␉A3561CAD1414024C00E9B51E /* HelloWorld */,␊
 ␉␉␉␉A3561CB21414024C00E9B51E /* include */,␊
 ␉␉␉path = include;␊
 ␉␉␉sourceTree = "<group>";␊
 ␉␉};␊
+␉␉AB4DDA8C15CEFF2100E77157 /* AcpiCodec */ = {␊
+␉␉␉isa = PBXGroup;␊
+␉␉␉children = (␊
+␉␉␉␉AB4DDA8D15CEFF2100E77157 /* acpi_codec.c */,␊
+␉␉␉␉AB4DDA8E15CEFF2100E77157 /* acpi_tools.c */,␊
+␉␉␉␉AB4DDA8F15CEFF2100E77157 /* acpicode.c */,␊
+␉␉␉␉AB4DDA9015CEFF2100E77157 /* ACPICodec.c */,␊
+␉␉␉␉AB4DDA9115CEFF2100E77157 /* acpidecode.c */,␊
+␉␉␉␉AB4DDA9215CEFF2100E77157 /* Cconfig */,␊
+␉␉␉␉AB4DDA9315CEFF2100E77157 /* include */,␊
+␉␉␉␉AB4DDA9D15CEFF2100E77157 /* Makefile */,␊
+␉␉␉␉AB4DDA9E15CEFF2100E77157 /* Readme.txt */,␊
+␉␉␉);␊
+␉␉␉path = AcpiCodec;␊
+␉␉␉sourceTree = "<group>";␊
+␉␉};␊
+␉␉AB4DDA9315CEFF2100E77157 /* include */ = {␊
+␉␉␉isa = PBXGroup;␊
+␉␉␉children = (␊
+␉␉␉␉AB4DDA9415CEFF2100E77157 /* acpi.h */,␊
+␉␉␉␉AB4DDA9515CEFF2100E77157 /* acpi_codec.h */,␊
+␉␉␉␉AB4DDA9615CEFF2100E77157 /* acpi_tools.h */,␊
+␉␉␉␉AB4DDA9715CEFF2100E77157 /* acpicode.h */,␊
+␉␉␉␉AB4DDA9815CEFF2100E77157 /* acpidecode.h */,␊
+␉␉␉␉AB4DDA9915CEFF2100E77157 /* datatype.h */,␊
+␉␉␉␉AB4DDA9A15CEFF2100E77157 /* intel_acpi.h */,␊
+␉␉␉␉AB4DDA9B15CEFF2100E77157 /* ppm.h */,␊
+␉␉␉␉AB4DDA9C15CEFF2100E77157 /* ppmsetup.h */,␊
+␉␉␉);␊
+␉␉␉path = include;␊
+␉␉␉sourceTree = "<group>";␊
+␉␉};␊
 ␉␉B0056CE511F3868000754B65 /* i386 */ = {␊
 ␉␉␉isa = PBXGroup;␊
 ␉␉␉children = (␊

-52
53 53
54 54
55 
56 
57 
58 
59 
60 55
61 56
62 57
+␊
#define CONFIG_SIZE (40 * 4096)␊
␊
/*␊
 * Max size for config data array, in bytes.␊
 */␊
#define IO_CONFIG_DATA_SIZE␉␉163840␊
␊
#define kMemoryMapCountMax 40␊
␊
/*␊
 ␊
 #define CONFIG_SIZE (40 * 4096)␊
 ␊
-/*␊
- * Max size for config data array, in bytes.␊
- */␊
-#define IO_CONFIG_DATA_SIZE␉␉163840␊
-␊
 #define kMemoryMapCountMax 40␊
 ␊
 /*␊

-389
390 390
391 391
392 
393 
394 
395 
396 
397 
398 
399 
392
393
394
395
396
397
398
399
400
401
402
403
404
400 405
401 406
402 407
+␉␉current = structHeader->handle;␊
␉}␊
␊
␉sprintf(key, "%s%d", keyString, idx);␊
␊
␉if (value)␊
␉␉if (getIntForKey(key, (int *)&(value->dword), SMBPlist))␊
␉␉␉return true;␊
␉else␊
␉␉if (getValueForKey(key, string, &len, SMBPlist))␊
␉␉␉return true;␊
␉sprintf(key, "%s%d", keyString, idx);␉␊
    ␊
    if (value) ␊
    {␊
        if (getIntForKey(key, (int *)&(value->dword), SMBPlist))␊
            return true;␊
    }␊
    else ␊
    {␊
        if (getValueForKey(key, string, &len, SMBPlist))␊
            return true;␊
    }␊
    ␊
␉return false;␊
}␊
␊
 ␉␉current = structHeader->handle;␊
 ␉}␊
 ␊
-␉sprintf(key, "%s%d", keyString, idx);␊
-␊
-␉if (value)␊
-␉␉if (getIntForKey(key, (int *)&(value->dword), SMBPlist))␊
-␉␉␉return true;␊
-␉else␊
-␉␉if (getValueForKey(key, string, &len, SMBPlist))␊
-␉␉␉return true;␊
+␉sprintf(key, "%s%d", keyString, idx);␉␊
+    ␊
+    if (value) ␊
+    {␊
+        if (getIntForKey(key, (int *)&(value->dword), SMBPlist))␊
+            return true;␊
+    }␊
+    else ␊
+    {␊
+        if (getValueForKey(key, string, &len, SMBPlist))␊
+            return true;␊
+    }␊
+    ␊
 ␉return false;␊
 }␊
 ␊

-63
64 64
65 65
66
67
68
69
70
66 71
67 
72
68 73
69 74
70 75
+};␊
typedef struct Tag Tag, *TagPtr;␊
␊
/*␊
 * Max size fo config data array, in bytes.␊
 */␊
#define IO_CONFIG_DATA_SIZE␉␉40960 // was 4096 // was 163840␊
␊
typedef struct {␊
␉char␉plist[16384];␉// buffer for plist␊
␉char␉plist[IO_CONFIG_DATA_SIZE];␉// buffer for plist␊
␉TagPtr␉dictionary;␉␉// buffer for xml dictionary␊
␉bool␉canOverride;␉// flag to mark a dictionary can be overriden␊
} config_file_t;␊
 };␊
 typedef struct Tag Tag, *TagPtr;␊
 ␊
+/*␊
+ * Max size fo config data array, in bytes.␊
+ */␊
+#define IO_CONFIG_DATA_SIZE␉␉40960 // was 4096 // was 163840␊
+␊
 typedef struct {␊
-␉char␉plist[16384];␉// buffer for plist␊
+␉char␉plist[IO_CONFIG_DATA_SIZE];␉// buffer for plist␊
 ␉TagPtr␉dictionary;␉␉// buffer for xml dictionary␊
 ␉bool␉canOverride;␉// flag to mark a dictionary can be overriden␊
 } config_file_t;␊

-
1 2
2 3
3 4
+- cparm : Fixed a buffer overflow in the plist loader␊
- cparm : Ported the nvidia plist helper (less time to spend on the device id more time to code :-) )␊
- cparm : Added a Sata module, known as YellowIconFixer in my branch, useful to fix yellow icon issue (can also fix an issue with the apple's dvd player application in moutain lion)␊
  , for now not added in the pkg script !!! ␊
+- cparm : Fixed a buffer overflow in the plist loader␊
 - cparm : Ported the nvidia plist helper (less time to spend on the device id more time to code :-) )␊
 - cparm : Added a Sata module, known as YellowIconFixer in my branch, useful to fix yellow icon issue (can also fix an issue with the apple's dvd player application in moutain lion)␊
   , for now not added in the pkg script !!! ␊

Download the corresponding diff file