Index: branches/cparm/CHANGES =================================================================== --- branches/cparm/CHANGES (revision 2114) +++ branches/cparm/CHANGES (revision 2115) @@ -1,4 +1,8 @@ - Security fixes +- Fixed few bugs in AcpiCodec +- Fixes some bugs related to the auto-installer + +- Security fixes - Using of optimized version for bcopy, bzero, strcmp, strcpy, strncpy, strlcat, strlcpy, strlen, strncmp, memset and memcmp - Replaced strcmp (deprecated and unsecure) by strncmp as far as possible - Decided to keep ld_classic to keep the compatibility with the apple's compiler from snow leopard (xcode 3.x) to Mountain lion (xcode 4.5) (in fact this has not changed since the last commit ;-) ) Index: branches/cparm/i386/libsaio/xml.c =================================================================== --- branches/cparm/i386/libsaio/xml.c (revision 2114) +++ branches/cparm/i386/libsaio/xml.c (revision 2115) @@ -253,7 +253,7 @@ XMLParseFile( char * buffer, TagPtr * dict ) { long length, pos; - TagPtr tag; + TagPtr tag = 0; pos = 0; char *configBuffer; @@ -544,6 +544,7 @@ TagPtr tagList, tmpTag; tagList = 0; + tmpTag = 0; pos = 0; if (!empty) @@ -911,7 +912,7 @@ NewTag( void ) { long cnt; - TagPtr tag; + TagPtr tag = 0; if (gTagsFree == 0) { Index: branches/cparm/i386/libsaio/disk.c =================================================================== --- branches/cparm/i386/libsaio/disk.c (revision 2114) +++ branches/cparm/i386/libsaio/disk.c (revision 2115) @@ -55,6 +55,7 @@ #include "bootstruct.h" #include "platform.h" #include "sl.h" +#include "convert.h" #include "fdisk.h" #ifdef UFS_SUPPORT @@ -202,6 +203,7 @@ static bool getOSVersion(BVRef bvr, char *str); static bool CheckDarwin(BVRef bvr); static bool getOSInstallVersion(const char *dirSpec, char *str, config_file_t *systemVersion); +static bool getOSInstallURL(BVRef bvr, const char *dirSpec, config_file_t *config_file); //========================================================================== 
@@ -1584,6 +1586,14 @@ XMLGetElementWithID(pkg_p, "com.apple.mpkg.OSInstall"), (const char*)"Version")); + + if (!version) + { + version = XMLCastString(XMLGetProperty( + XMLGetElementWithID(pkg_p, + "com.apple.pkg.CompatibilityUpdate"), + (const char*)"Version")); + } if (version && strlen(version) >= 4) { @@ -1598,15 +1608,54 @@ return false; } +static bool getOSInstallURL(BVRef bvr, const char *dirSpec, config_file_t *config_file) +{ + if (!loadConfigFile(dirSpec, config_file)) + { + char *encoded_url = XMLCastString(XMLGetProperty(config_file->dictionary, (const char*)"Product URL")); + + if (!encoded_url) { + goto out; + } + + DBG("encoded_url %s\n",encoded_url); + + //char * dev_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"; // strlen = 36 + + //char * osx_product = "x-osproduct://"; // strlen = 14 + + char * val = &encoded_url[(36+14)+1]; + + DBG("val %s\n",val); + + char * buffer = newStringFromURL(val); + + if (!buffer) + { + goto out; + } + + DBG("buffer %s\n",buffer); + + strlcpy(bvr->OSInstall, buffer, sizeof(bvr->OSInstall)); + + free(buffer); + + return true; + } +out: + return false; +} + static bool getOSVersion(BVRef bvr, char *str) { bool valid = false; - config_file_t systemVersion; + config_file_t config_file; char dirSpec[512]; snprintf(dirSpec, sizeof(dirSpec),"hd(%d,%d)/System/Library/CoreServices/SystemVersion.plist", BIOS_DEV_UNIT(bvr), bvr->part_no); - if (!loadConfigFile(dirSpec, &systemVersion)) + if (!loadConfigFile(dirSpec, &config_file)) { valid = true; } 
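Review bot: `&encoded_url[(36+14)+1]` in getOSInstallURL is taken without checking that the `Product URL` string is at least 51 characters long, so a shorter value in `.IAProductInfo` leaves `val` pointing past the terminator, and both `DBG("val %s\n",val)` and newStringFromURL then read out of bounds. The value comes from a file on the scanned volume, so it should be length-checked, and ideally prefix-checked against `x-osproduct://`, before indexing, e.g. `if (strlen(encoded_url) <= 36 + 14 + 1) goto out;`. The two offsets would read better as named constants than as the commented-out sample strings. The later `strlcpy` into `bvr->OSInstall` truncates silently at 30 bytes; comparing its return value with `sizeof(bvr->OSInstall)` would reject a truncated directory name instead of using it.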
@@ -1614,26 +1663,30 @@ { snprintf(dirSpec, sizeof(dirSpec),"hd(%d,%d)/System/Library/CoreServices/ServerVersion.plist", BIOS_DEV_UNIT(bvr), bvr->part_no); - if (!loadConfigFile(dirSpec, &systemVersion)) + if (!loadConfigFile(dirSpec, &config_file)) { bvr->OSisServer = true; valid = true; } else { - snprintf(dirSpec, sizeof(dirSpec),"hd(%d,%d)/OS X Install Data/index.sproduct", BIOS_DEV_UNIT(bvr), bvr->part_no); // 10.8 - - if (!getOSInstallVersion(dirSpec, str, &systemVersion)) - { - snprintf(dirSpec, sizeof(dirSpec),"hd(%d,%d)/Mac OS X Install Data/index.sproduct", BIOS_DEV_UNIT(bvr), bvr->part_no); // 10.7 - - if (!getOSInstallVersion(dirSpec, str, &systemVersion)) - return false; - else - return true; - + snprintf(dirSpec, sizeof(dirSpec),"hd(%d,%d)/.IAProductInfo", BIOS_DEV_UNIT(bvr), bvr->part_no); + DBG("dirSpec %s\n",dirSpec); + + if (!loadConfigFile(dirSpec, &config_file)) + { + if (getOSInstallURL(bvr, dirSpec, &config_file)) + { + snprintf(dirSpec, sizeof(dirSpec),"hd(%d,%d)/%s/index.sproduct", BIOS_DEV_UNIT(bvr), bvr->part_no, bvr->OSInstall); + + DBG("dirSpec %s\n",dirSpec); + + if (!getOSInstallVersion(dirSpec, str, &config_file)) + return false; + else + return true; + } } - else return true; } } @@ -1642,7 +1695,7 @@ const char *val; int len; - if (getValueForKey(kProductVersion, &val, &len, &systemVersion)) + if (getValueForKey(kProductVersion, &val, &len, &config_file)) { // getValueForKey uses const char for val // so copy it and trim Index: branches/cparm/i386/libsaio/smbios.c =================================================================== --- branches/cparm/i386/libsaio/smbios.c (revision 2114) +++ branches/cparm/i386/libsaio/smbios.c (revision 2115) 
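Review bot: `bvr->OSInstall` is interpolated into `hd(%d,%d)/%s/index.sproduct` exactly as getOSInstallURL decoded it from `.IAProductInfo`, where the removed code used two fixed directory names; nothing here rejects an empty name or one containing `/`. A check before the `snprintf`, for instance `if (bvr->OSInstall[0] == '\0') return false;` plus a scan for path separators, keeps the lookup to a single top-level directory. `.IAProductInfo` is also parsed twice, once by `loadConfigFile(dirSpec, &config_file)` in this hunk and again as the first statement of getOSInstallURL, so one of the two calls can go. getOSVersion begins and ends outside the hunk.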
@@ -59,8 +59,6 @@ #define SMBIOS_GETLEN(base) SMBIOS_GET8(base, 0x01) #define SMBIOS_GETSTR(base) ((base) + SMBIOS_GETLEN(base)) -typedef char* caddr_t; - static uint8_t smbios_checksum(const caddr_t addr, const uint8_t len) { Index: branches/cparm/i386/libsaio/uthash.h =================================================================== --- branches/cparm/i386/libsaio/uthash.h (revision 2114) +++ branches/cparm/i386/libsaio/uthash.h (revision 2115) @@ -639,8 +639,10 @@ unsigned _he_bkt_i; \ struct UT_hash_handle *_he_thh, *_he_hh_nxt; \ UT_hash_bucket *_he_new_buckets, *_he_newbkt; \ - _he_new_buckets = (UT_hash_bucket*)uthash_malloc( \ - 2 * tbl->num_buckets * sizeof(struct UT_hash_bucket)); \ + unsigned long _he_bkt_size = 2 * tbl->num_buckets \ + * sizeof(struct UT_hash_bucket); \ + if (!(_he_bkt_size > 0)) { uthash_fatal( "unknown error"); } \ + _he_new_buckets = (UT_hash_bucket*)uthash_malloc(_he_bkt_size); \ if (!_he_new_buckets) { uthash_fatal( "out of memory"); } \ memset(_he_new_buckets, 0, \ 2 * tbl->num_buckets * sizeof(struct UT_hash_bucket)); \ Index: branches/cparm/i386/libsaio/stringTable.c =================================================================== --- branches/cparm/i386/libsaio/stringTable.c (revision 2114) +++ branches/cparm/i386/libsaio/stringTable.c (revision 2115) @@ -600,7 +600,7 @@ int ParseXMLFile( char * buffer, TagPtr * dict ) { long length, pos; - TagPtr tag; + TagPtr tag = 0; pos = 0; char *configBuffer; 
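Review bot: The new guard `if (!(_he_bkt_size > 0))` in the uthash.h bucket-expansion macro only catches a product of exactly zero; if `2 * tbl->num_buckets * sizeof(struct UT_hash_bucket)` wraps to a small non-zero value, the allocation still succeeds with too few bytes. Checking the operand before multiplying closes that gap, for example `if (tbl->num_buckets > (~0UL) / (2 * sizeof(struct UT_hash_bucket))) { uthash_fatal("out of memory"); }`. The `memset` two lines below still recomputes the expression and should use `_he_bkt_size`. The same check-after-arithmetic pattern is in the fake_efi.c hunk (`*len = ((tmp_len)+1) * 2; if (!(*len > 0)) goto error;`), where `tmp_len` is an `int` and the multiplication happens before the test.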
@@ -766,19 +766,20 @@ char *dirspec[] = { "rd(0,0)/Library/Preferences/SystemConfiguration/com.apple.Boot.plist", "/Library/Preferences/SystemConfiguration/com.apple.Boot.plist", - "bt(0,0)/Library/Preferences/SystemConfiguration/com.apple.Boot.plist", - "rd(0,0)/OS X Install Data/com.apple.Boot.plist", - "/OS X Install Data/com.apple.Boot.plist", - "bt(0,0)/OS X Install Data/com.apple.Boot.plist", - "rd(0,0)/Mac OS X Install Data/com.apple.Boot.plist", - "/Mac OS X Install Data/com.apple.Boot.plist", - "bt(0,0)/Mac OS X Install Data/com.apple.Boot.plist" + "bt(0,0)/Library/Preferences/SystemConfiguration/com.apple.Boot.plist" }; + char *dirspecInstall[] = { + "rd(0,0)/%s/com.apple.Boot.plist", + "/%s/com.apple.Boot.plist", + "bt(0,0)/%s/com.apple.Boot.plist" + }; + char tmp[60]; + config_file_t *config = &bootInfo->SystemConfig; - int i, fd, count, ret=-1, fixedsize; + int i, fd, count, fixedsize; for(i = 0; (unsigned)i< sizeof(dirspec)/sizeof(dirspec[0]); i++) { @@ -793,12 +794,32 @@ // build xml dictionary ParseXMLFile(config->plist, &config->dictionary); safe_set_env(envSysConfigValid,true); - ret=0; - break; + return 0; } } - return ret; + BVRef bvr = ((BVRef)(uint32_t)get_env(envgBootVolume)); + + for(i = 0; (unsigned)i< sizeof(dirspecInstall)/sizeof(dirspecInstall[0]); i++) + { + snprintf(tmp, sizeof(tmp),dirspecInstall[i], bvr->OSInstall); + + if ((fd = open(tmp)) >= 0) + { + // read file + fixedsize = MIN(file_size(fd),IO_CONFIG_DATA_SIZE); + count = read(fd, config->plist, fixedsize); + close(fd); + if (count != fixedsize) continue; + + // build xml dictionary + ParseXMLFile(config->plist, &config->dictionary); + safe_set_env(envSysConfigValid,true); + return 0; + } + } + + return -1; } #ifdef BOOT_HELPER_SUPPORT Index: branches/cparm/i386/libsaio/convert.c =================================================================== --- branches/cparm/i386/libsaio/convert.c (revision 2114) +++ branches/cparm/i386/libsaio/convert.c (revision 2115) 
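Review bot: `bvr` is dereferenced in `snprintf(tmp, sizeof(tmp),dirspecInstall[i], bvr->OSInstall)` without a NULL test on the value returned by `get_env(envgBootVolume)`, and an empty `OSInstall` (presumably the case for any volume where getOSInstallURL never ran) turns the templates into `rd(0,0)//com.apple.Boot.plist` and so on, which may resolve to a plist in the volume root rather than in an installer directory. A guard such as `if (!bvr || bvr->OSInstall[0] == '\0') return -1;` before the second loop avoids both. `char tmp[60]` holds the longest template plus a 29-character name with one byte to spare, so it would be safer sized from `sizeof(bvr->OSInstall)` or verified through the `snprintf` return value. The read-and-parse body is now duplicated in both loops and could move into one static helper. The enclosing function starts outside the hunk.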
@@ -7,6 +7,32 @@ #include "convert.h" +/** convert URL to a string */ +char * newStringFromURL(char* string) +{ + char * buffer = newString(string); + + int maxlen = strlen(buffer); + + // replace "%20" by spaces. + int len = 0; + while (buffer[len] != '\0') { + if (buffer[len] == '%' && buffer[len+1] == '2' && buffer[len+2] == '0') + { + buffer[len] = ' '; + + strlcpy(&buffer[len+1], &buffer[len+3], maxlen - (len+1)); + } + len++; + } + + //DBG("%s maxlen : %d, newlen : %lu\n",buffer, maxlen, strlen(buffer)); + // This will leak a little bit, i mean as you can see the final string will be slightly smaller than the allocated string buffer, + // to fix this you can realloc the buffer, or do another newString(xxx) then free the first buffer, i choose to do nothing. + + return buffer ; +} + /** Transform a 16 bytes hexadecimal value UUID to a string */ const char * getStringFromUUID(const EFI_CHAR8* eUUID) { Index: branches/cparm/i386/libsaio/saio_types.h =================================================================== --- branches/cparm/i386/libsaio/saio_types.h (revision 2114) +++ branches/cparm/i386/libsaio/saio_types.h (revision 2115) @@ -282,6 +282,7 @@ bool filtered; /* newFilteredBVChain() will set to TRUE */ bool visible; /* will shown in the device list */ char OSVersion[8]; + char OSInstall[30]; bool kernelfound; /* mach_kernel found in default location, currently only /mach_kernel is supported */ bool OSisServer; /* 1 = OS X server , 0 = OS X client, not to be confused with Platform->CPU.isServer which means it tries to emulate an xserve in the smbios */ }; Index: branches/cparm/i386/libsaio/convert.h =================================================================== --- branches/cparm/i386/libsaio/convert.h (revision 2114) +++ branches/cparm/i386/libsaio/convert.h (revision 2115) 
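Review bot: newStringFromURL passes the result of `newString(string)` straight to `strlen` with no NULL test, so an allocation failure (or, depending on newString, a NULL argument) is dereferenced; `if (!buffer) return NULL;` after the call fixes that, and the caller in disk.c already handles a NULL return. The in-place shift uses `strlcpy` on overlapping source and destination, which is only safe if libsa's implementation copies strictly forward; `bcopy`, which the CHANGES entry lists, or a memmove equivalent states the intent. The doc comment should say that only `%20` is decoded, that other escapes are left as they are, and that the caller owns the returned buffer and must free it. The trailing comment calls the unused tail a leak, but it is slack inside one allocation that the caller's `free` releases.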
@@ -17,6 +17,7 @@ EFI_CHAR8* getUUIDFromString(const char *source); void *convertHexStr2Binary(const char *hexStr, int *outLength); uint32_t ascii_hex_to_int(char *buff); +char * newStringFromURL(char* string); static inline uint16_t dp_swap16(uint16_t toswap) { Index: branches/cparm/i386/libsaio/fake_efi.c =================================================================== --- branches/cparm/i386/libsaio/fake_efi.c (revision 2114) +++ branches/cparm/i386/libsaio/fake_efi.c (revision 2115) @@ -613,25 +613,30 @@ EFI_CHAR16* dst = 0; - if (!key || !(*key) || !src) return 0; + if (!key || !(*key) || !src) goto error; int tmp_len = strlen(src); - dst = (EFI_CHAR16*) malloc( ((tmp_len)+1) * 2 ); + *len = ((tmp_len)+1) * 2; // return the CHAR16 bufsize in cluding zero terminated CHAR16 + + if (!(*len > 0)) goto error; + + dst = (EFI_CHAR16*) malloc( *len ); if (!dst) { - *len = 0; - return NULL; + goto error; } - *len = tmp_len; { size_t i = 0; - for (; i < (*len); i++) dst[i] = src[i]; + for (; i < (tmp_len); i++) dst[i] = src[i]; } - dst[(*len)] = '\0'; - *len = ((*len)+1)*2; // return the CHAR16 bufsize in cluding zero terminated CHAR16 + dst[(tmp_len)] = '\0'; return dst; + +error: + *len = 0; + return NULL; } /* Index: branches/cparm/i386/boot2/boot.c =================================================================== --- branches/cparm/i386/boot2/boot.c (revision 2114) +++ branches/cparm/i386/boot2/boot.c (revision 2115) @@ -683,9 +683,9 @@ } } while (0); } - + do { - if (trycache == true) + if (trycache == true || forcecache == true) { bootFile = gBootKernelCacheFile; verbose("Loading kernel cache %s\n", bootFile); Index: branches/cparm/i386/modules/ACPICodec/acpi_codec.c =================================================================== --- branches/cparm/i386/modules/ACPICodec/acpi_codec.c (revision 2114) +++ branches/cparm/i386/modules/ACPICodec/acpi_codec.c (revision 2115) 
@@ -216,11 +216,14 @@ for (index = 0; index < (MAX_ACPI_TABLE + RESERVED_AERA); index++) { - if (*(U32 *) (table_array[index]->Signature) == Signature) - { - *retIndex = index; - return table_array[index] ; - } + if (table_array[index]) + { + if (*(U32 *) (table_array[index]->Signature) == Signature) + { + *retIndex = index; + return table_array[index] ; + } + } } return (void*)0ul; } @@ -233,10 +236,13 @@ for (index = 0; index < (MAX_ACPI_TABLE + RESERVED_AERA); index++) { - if (*(U32 *) (table_array[index]->Signature) == Signature) - { - InstalledTables++ ; - } + if (table_array[index]) + { + if (*(U32 *) (table_array[index]->Signature) == Signature) + { + InstalledTables++ ; + } + } } return InstalledTables; } @@ -1581,7 +1587,7 @@ * expert mode : 1 , mean add only p-states found in boot.plist */ - TagPtr PstateTag; + TagPtr PstateTag = 0; U32 pstate_tag_count = 0; { @@ -1759,7 +1765,7 @@ { { - TagPtr CstateTag; + TagPtr CstateTag = 0; U32 entry_count = 0; if (personality->dictionary) @@ -4914,7 +4920,7 @@ if (rsdp == (void*)0ul || (GetChecksum(rsdp, (rsdp->Revision == 0) ? ACPI_RSDP_REV0_SIZE:sizeof(ACPI_TABLE_RSDP)) != 0) ) { - printf("Error : ACPI RSD PTR Revision %d checksum is incorrect or table not found \n",rsdp->Revision ); + printf("Error : ACPI RSD PTR checksum is incorrect or table not found \n"); Register_Acpi_Efi(NULL, 0); return EFI_UNSUPPORTED; } Index: branches/cparm/i386/libsa/libsa.h =================================================================== --- branches/cparm/i386/libsa/libsa.h (revision 2114) +++ branches/cparm/i386/libsa/libsa.h (revision 2115) @@ -55,6 +55,9 @@ #define isxdigit(c) ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'F') || (c >= 'a' && c <= 'f')) #define ispunct(c) (c == '.' || c == '-') //Azi: TODO - add more ponctuation characters as needed; at least these two, i need for PartNo. + +typedef char* caddr_t; + /* * string.c */ 
@@ -109,12 +112,6 @@ extern unsigned long long strtouq(const char *nptr, char ** endptr, int base); /* - * prf.c - */ -//extern int prf(const char * fmt, va_list ap, void (*putfn_p)(), -// void * putfn_arg); - -/* * printf.c */ extern int sprintf(char *s, const char * format, ...); Index: branches/cparm/i386/libsa/printf.c =================================================================== --- branches/cparm/i386/libsa/printf.c (revision 2114) +++ branches/cparm/i386/libsa/printf.c (revision 2115) 
@@ -651,194 +651,4 @@ retval = vsnprintf(str, size, format, ap); va_end(ap); return(retval); -} - -#if 0 -/* - * Copyright (c) 1999-2003 Apple Computer, Inc. All rights reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * Portions Copyright (c) 1999-2003 Apple Computer, Inc. All Rights - * Reserved. This file contains Original Code and/or Modifications of - * Original Code as defined in and that are subject to the Apple Public - * Source License Version 2.0 (the "License"). You may not use this file - * except in compliance with the License. Please obtain a copy of the - * License at http://www.apple.com/publicsource and read it before using - * this file. - * - * The Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON- INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ -/* - * Mach Operating System - * Copyright (c) 1990 Carnegie-Mellon University - * Copyright (c) 1989 Carnegie-Mellon University - * Copyright (c) 1988 Carnegie-Mellon University - * Copyright (c) 1987 Carnegie-Mellon University - * All rights reserved. The CMU software License Agreement specifies - * the terms and conditions for use and redistribution. - */ -/* - * Copyright (c) 1982, 1986 Regents of the University of California. - * All rights reserved. The Berkeley software License Agreement - * specifies the terms and conditions for redistribution. - * - * @(#)prf.c 7.1 (Berkeley) 6/5/86 - */ -#include - -#define SPACE 1 -#define ZERO 2 -#define UCASE 16 - -/* - * Scaled down version of C Library printf. - * Used to print diagnostic information directly on console tty. 
- * Since it is not interrupt driven, all system activities are - * suspended. - * - */ - -/* - * Printn prints a number n in base b. - * We don't use recursion to avoid deep kernel stacks. - */ -static int -printn(u_long n, int b, int flag, int minwidth, void (*putfn_p)(int ch, void *arg), void *putfn_arg) -{ - char prbuf[11]; - register char *cp; - int width = 0, neg = 0, len = 0; - - if (b == 10 && (int)n < 0) { - neg = 1; - n = (unsigned)(-(int)n); - } - cp = prbuf; - do { - *cp++ = "0123456789abcdef0123456789ABCDEF"[(flag & UCASE) + n%b]; - n /= b; - width++; - } while (n); - - if (neg) { - (*putfn_p)('-', putfn_arg); - width++; - len++; - } - while (width++ < minwidth) - { - (*putfn_p)( (flag & ZERO) ? '0' : ' ', putfn_arg); - len++; - } - - do - { - (*putfn_p)(*--cp, putfn_arg); - len++; - - } while (cp > prbuf); - - return len; -} - -int __doprnt( - const char *fmt, - va_list argp, - void (*putfn_p)(int ch, void *arg), - void *putfn_arg, - int radix - ) -{ - int b, c, len =0; - char *s; - int flag = 0, width = 0; - int minwidth; - unsigned int *adx = (unsigned int*)argp; -loop: - while ((c = *fmt++) != '%') { - if(c == '\0') - return len; - if (putfn_p) { - (*putfn_p)(c, putfn_arg); - } - len++; - } - minwidth = 0; -again: - c = *fmt++; - switch (c) { - case 'l': - goto again; - case ' ': - flag |= SPACE; - goto again; - case '0': - if (minwidth == 0) { - /* this is a flag */ - flag |= ZERO; - goto again; - } /* fall through */ - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': - minwidth *= 10; - minwidth += c - '0'; - goto again; - case 'X': - flag |= UCASE; - /* fall through */ - case 'x': - b = 16; - goto number; - case 'd': - b = 10; - goto number; - case 'o': case 'O': - b = 8; - number: - len += printn((u_long)*adx, b, flag, minwidth, putfn_p, putfn_arg); - break; - case 's': - s = (char *)*adx; - while ((c = *s++)) { - if (putfn_p) { - (*putfn_p)(c, putfn_arg); - } - len++; - width++; - } - 
while (width++ < minwidth) { - if (putfn_p) { - (*putfn_p)(' ', putfn_arg); - } - len++; - } - break; - case 'c': - if (putfn_p) { - (*putfn_p)((char)*adx, putfn_arg); - } - len++; - break; - default: - break; - } - adx++; - goto loop; -} -#endif \ No newline at end of file +} \ No newline at end of file Index: branches/cparm/i386/libsa/zalloc.c =================================================================== --- branches/cparm/i386/libsa/zalloc.c (revision 2114) +++ branches/cparm/i386/libsa/zalloc.c (revision 2115) @@ -32,7 +32,7 @@ #include "libsa.h" #include "memory.h" -#define ZDEBUG 1 +#define ZDEBUG 0 #if ZDEBUG int zout;