From owner-svn-src-head@freebsd.org Wed Jan 18 08:18:09 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 62785CB4637; Wed, 18 Jan 2017 08:18:09 +0000 (UTC) (envelope-from tsoome@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3D008128D; Wed, 18 Jan 2017 08:18:09 +0000 (UTC) (envelope-from tsoome@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v0I8I8pZ017831; Wed, 18 Jan 2017 08:18:08 GMT (envelope-from tsoome@FreeBSD.org) Received: (from tsoome@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v0I8I82b017827; Wed, 18 Jan 2017 08:18:08 GMT (envelope-from tsoome@FreeBSD.org) Message-Id: <201701180818.v0I8I82b017827@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tsoome set sender to tsoome@FreeBSD.org using -f From: Toomas Soome Date: Wed, 18 Jan 2017 08:18:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r312374 - head/sys/boot/efi/libefi X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jan 2017 08:18:09 -0000 Author: tsoome Date: Wed Jan 18 08:18:07 2017 New Revision: 312374 URL: https://svnweb.freebsd.org/changeset/base/312374 Log: loader: efi devpath api usage should be more aware of NULL pointers As the efi_devpath_last_node() and efi_devpath_trim() can return NULL pointers, the consumers of this API should check the the NULL pointers. Same for efinet_dev_init() using calloc(). Reported by: Robert Mustacchi Reviewed by: jhb, allanjude Approved by: allanjude (mentor) Differential Revision: https://reviews.freebsd.org/D9203 Modified: head/sys/boot/efi/libefi/devpath.c head/sys/boot/efi/libefi/efinet.c head/sys/boot/efi/libefi/efipart.c Modified: head/sys/boot/efi/libefi/devpath.c ============================================================================== --- head/sys/boot/efi/libefi/devpath.c Wed Jan 18 08:11:18 2017 (r312373) +++ head/sys/boot/efi/libefi/devpath.c Wed Jan 18 08:18:07 2017 (r312374) @@ -106,15 +106,18 @@ efi_devpath_trim(EFI_DEVICE_PATH *devpat EFI_DEVICE_PATH *node, *copy; size_t prefix, len; - node = efi_devpath_last_node(devpath); + if ((node = efi_devpath_last_node(devpath)) == NULL) + return (NULL); prefix = (UINT8 *)node - (UINT8 *)devpath; if (prefix == 0) return (NULL); len = prefix + DevicePathNodeLength(NextDevicePathNode(node)); copy = malloc(len); - memcpy(copy, devpath, prefix); - node = (EFI_DEVICE_PATH *)((UINT8 *)copy + prefix); - SetDevicePathEndNode(node); + if (copy != NULL) { + memcpy(copy, devpath, prefix); + node = (EFI_DEVICE_PATH *)((UINT8 *)copy + prefix); + SetDevicePathEndNode(node); + } return (copy); } Modified: head/sys/boot/efi/libefi/efinet.c ============================================================================== --- head/sys/boot/efi/libefi/efinet.c Wed Jan 18 08:11:18 2017 (r312373) +++ head/sys/boot/efi/libefi/efinet.c Wed Jan 18 08:18:07 2017 (r312374) @@ -291,12 +291,18 @@ efinet_dev_init() if (EFI_ERROR(status)) return (efi_status_to_errno(status)); handles2 = (EFI_HANDLE *)malloc(sz); + if (handles2 == NULL) { + free(handles); + return (ENOMEM); + } nifs = 0; for (i = 0; i < sz / sizeof(EFI_HANDLE); i++) { devpath = efi_lookup_devpath(handles[i]); if (devpath == NULL) continue; - node = efi_devpath_last_node(devpath); + if ((node = efi_devpath_last_node(devpath)) == NULL) + continue; + if (DevicePathType(node) != MESSAGING_DEVICE_PATH || DevicePathSubType(node) != MSG_MAC_ADDR_DP) continue; @@ -318,20 +324,24 @@ efinet_dev_init() } free(handles); if (nifs == 0) { - free(handles2); - return (ENOENT); + err = ENOENT; + goto done; } err = efi_register_handles(&efinet_dev, handles2, NULL, nifs); - if (err != 0) { - free(handles2); - return (err); - } + if (err != 0) + goto done; - efinetif.netif_nifs = nifs; efinetif.netif_ifs = calloc(nifs, sizeof(struct netif_dif)); - stats = calloc(nifs, sizeof(struct netif_stats)); + if (efinetif.netif_ifs == NULL || stats == NULL) { + free(efinetif.netif_ifs); + free(stats); + efinetif.netif_ifs = NULL; + err = ENOMEM; + goto done; + } + efinetif.netif_nifs = nifs; for (i = 0; i < nifs; i++) { @@ -341,9 +351,9 @@ efinet_dev_init() dif->dif_stats = &stats[i]; dif->dif_private = handles2[i]; } +done: free(handles2); - - return (0); + return (err); } static int Modified: head/sys/boot/efi/libefi/efipart.c ============================================================================== --- head/sys/boot/efi/libefi/efipart.c Wed Jan 18 08:11:18 2017 (r312373) +++ head/sys/boot/efi/libefi/efipart.c Wed Jan 18 08:18:07 2017 (r312374) @@ -130,10 +130,13 @@ efipart_init(void) * we try to find the parent device and add that instead as * that will be the CD filesystem. */ - node = efi_devpath_last_node(devpath); + if ((node = efi_devpath_last_node(devpath)) == NULL) + continue; if (DevicePathType(node) == MEDIA_DEVICE_PATH && DevicePathSubType(node) == MEDIA_CDROM_DP) { devpathcpy = efi_devpath_trim(devpath); + if (devpathcpy == NULL) + continue; tmpdevpath = devpathcpy; status = BS->LocateDevicePath(&blkio_guid, &tmpdevpath, &handle);