authorpancake <pancake@flubox>2008-12-19 19:39:27 +0100
committerpancake <pancake@flubox>2008-12-19 19:39:27 +0100
commita6ef73359c0e0537ebf83795ebacbbfaee2c9c28 (patch)
tree1db2cc7c531927be96c581e4077500918ad45ac4
parent3a1053b29e5fb8109463259ee9dff3d8f4e4be5b (diff)
download0xFFFF-a6ef73359c0e0537ebf83795ebacbbfaee2c9c28.tar.bz2
* Apply security patches from Erik Hovland - Thanks!
-rw-r--r--config.mk5
-rw-r--r--logotool/compress.c1
-rw-r--r--logotool/rgb2yuv.c2
-rw-r--r--logotool/uncompress.c1
-rw-r--r--src/dump.c8
-rw-r--r--src/fiasco.c2
-rw-r--r--src/fpid.c7
-rw-r--r--src/hash.c4
-rw-r--r--src/qmode.c49
-rw-r--r--src/squeue/squeue.c7
10 files changed, 50 insertions, 36 deletions
diff --git a/config.mk b/config.mk
index 851d9f3..cb82aaa 100644
--- a/config.mk
+++ b/config.mk
@@ -1,10 +1,13 @@
VERSION=0.4.0
PREFIX=/usr
-
# NetBSD stuff
CFLAGS+=-I/usr/pkg/include -O2
LDFLAGS+=-L/usr/pkg/lib -Wl,-R/usr/pkg/lib
HAVE_USB=1
HAVE_GUI=1
+
+# For linking against this copy of libusb
+#CFLAGS+=-I../libusb
+
diff --git a/logotool/compress.c b/logotool/compress.c
index c65158c..cb32265 100644
--- a/logotool/compress.c
+++ b/logotool/compress.c
@@ -60,6 +60,7 @@ int compress_image(char *srcf, char *dstf, int w, int h)
fdout = open( dstf, O_TRUNC | O_CREAT | O_WRONLY , 0660 );
if (fdout == -1) {
printf("Cannot open file '%s' for writing\n", dstf);
+ fclose(fd);
return 1;
}
diff --git a/logotool/rgb2yuv.c b/logotool/rgb2yuv.c
index b3f2143..4c3a268 100644
--- a/logotool/rgb2yuv.c
+++ b/logotool/rgb2yuv.c
@@ -107,5 +107,7 @@ int rgb2yuv(char *from, char *to, int width, int height)
for ( i = 0 ; i < height ; i+=2 )
for ( j = 0; j < width ; j +=2 )
write ( fout,&dstV[j+(i*width)], 1);
+
+ free(dstV); free(dstU); free(dstY); free(src);
return 1;
}
diff --git a/logotool/uncompress.c b/logotool/uncompress.c
index 4d0599f..b3e19dd 100644
--- a/logotool/uncompress.c
+++ b/logotool/uncompress.c
@@ -119,5 +119,6 @@ int uncompress_image(char *srcf, char *dstf)
//printf("logotool -w %d -h %d -v %s\n", width, height, dstf);
printf("eval PATH=$PWD:$PATH logotool -w %d -h %d -m %s\n", width, height, dstf);
+ free(dst); free(src);
return 0;
}
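Review bot: `dstf` is printed unquoted into the `eval PATH=... logotool ... -m %s` line, which appears to be meant for a shell to evaluate. A destination name containing spaces or shell metacharacters would be re-parsed by that shell. Emitting the name inside single quotes, with any embedded single quote escaped, keeps it a single argument. The added `free(dst); free(src);` covers only this final return; earlier return paths of uncompress_image are outside the hunk and may still leak.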
diff --git a/src/dump.c b/src/dump.c
index e102ce9..3f15fce 100644
--- a/src/dump.c
+++ b/src/dump.c
@@ -69,17 +69,14 @@ __rf_extract_exit:
* This function was covardly copied from nanddump.c @ mtd-utils-20060907
*/
#define _GNU_SOURCE
-#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
#include <unistd.h>
#include <getopt.h>
#include <sys/ioctl.h>
#include <sys/types.h>
-#include <sys/stat.h>
//#include <asm/types.h>
#include <mtd/mtd-user.h>
#ifndef loff_t
@@ -171,6 +168,9 @@ int check_badblocks(char *mtddev)
return 1;
}
+ memset(&stat1, 0, sizeof(stat1));
+ memset(&stat2, 0, sizeof(stat2));
+
fprintf(stderr, "Block size %u, page size %u, OOB size %u\n",
meminfo.erasesize, meminfo.writesize, meminfo.oobsize);
fprintf(stderr, "Size %u, flags %u, type 0x%x\n",
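Review bot: The two added `memset` calls need `<string.h>`, yet the first hunk of this file removes `#include <string.h>` from the include block at line 69. That block sits mid-file, so the header may still be included at the top of dump.c. If it is not, `memset` here and the `memcmp` in dump_config are used without a prototype, so confirm and keep `#include <string.h>` if needed. check_badblocks starts and ends outside the hunk.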
@@ -498,7 +498,7 @@ int dump_config()
break;
if (!memcmp(buf,"ConF", 4)) {
loop:
- read(fd, buf, 4);
+ ret = read(fd, buf, 4);
if (ret == -1) break;
printf("\n0x%08x : ConF %02x %02x %02x %02x : ", i,
buf[0], buf[1], buf[2], buf[3]);
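Review bot: A read that returns 0 or fewer than 4 bytes still falls through to the `printf`, because the new test rejects only `ret == -1`. The output would then show `buf[0]`..`buf[3]` left over from the previous read. Tightening the check to `if (ret != 4) break;` treats end-of-file and short reads the same as errors. dump_config's body continues on both sides of the hunk.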
diff --git a/src/fiasco.c b/src/fiasco.c
index 3e9da9f..cb27b10 100644
--- a/src/fiasco.c
+++ b/src/fiasco.c
@@ -62,7 +62,7 @@ int openfiasco(char *name, char *piece_grep, int v)
read(header.fd, buf, namelen);
if (v) printf("Fiasco version: %2d\n", buf[3]);
- strcpy(header.fwname, (char *)buf+6);
+ strncpy(header.fwname, (char *)buf+6, sizeof(header.fwname) - 1);
if (v)
for(i=6;i<namelen;i+=strlen((char *)(buf+i))+1)
printf("Name: %s\n", buf+i);
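Review bot: `strncpy` with `sizeof(header.fwname) - 1` bounds the copy but does not terminate it: when the name in `buf` is at least that long, the last byte of `fwname` keeps whatever value it had before. Unless `header` is zeroed earlier (not visible here), add `header.fwname[sizeof(header.fwname) - 1] = '\0';` after the copy, or use `snprintf(header.fwname, sizeof(header.fwname), "%s", (char *)buf+6);`. The `read` above is still unchecked, so both the copy and the `strlen` walk in the loop rely on `buf` really holding `namelen` NUL-terminated bytes; the size of `buf` is declared outside the hunk.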
diff --git a/src/fpid.c b/src/fpid.c
index f36b758..7387855 100644
--- a/src/fpid.c
+++ b/src/fpid.c
@@ -37,7 +37,12 @@ long fpid_size(const char *filename)
{
long sz;
FILE *fd = fopen(filename, "r");
- fseek(fd, 0, SEEK_END);
+ if (fd == NULL)
+ return -1;
+ if (fseek(fd, 0, SEEK_END) != 0) {
+ fclose(fd);
+ return -1;
+ }
sz = ftell(fd);
fclose(fd);
return sz;
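Review bot: fpid_size can now return -1 on an open, seek or `ftell` failure, where it previously crashed on a NULL stream, and that contract is not documented. A comment above the function such as `/* Returns the file size in bytes, or -1 if the file cannot be opened or measured. */` would make it explicit. Callers are outside this diff; any that pass the result to an allocation or a read length need to reject negative values first.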
diff --git a/src/hash.c b/src/hash.c
index 77b4159..d4ad607 100644
--- a/src/hash.c
+++ b/src/hash.c
@@ -40,8 +40,10 @@ usho do_hash_file(const char *filename)
}
do { ret = fread(&buf, 1, BSIZE, fd);
- if (ret == -1)
+ if (ret == -1) {
+ fclose(fd);
return 0;
+ }
hash ^= do_hash((usho *)&buf, ret);
} while(ret);
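Review bot: `fread` returns a `size_t` item count and never -1, so the `ret == -1` branch that now closes the file looks unreachable. A read error shows up as a short or zero count with the stream's error flag set, and the loop then simply ends as if at end-of-file. Testing `if (ferror(fd)) { fclose(fd); return 0; }` after the call would catch it. Returning 0 also cannot be told apart from a genuine hash value of 0; the declaration of `ret` and the normal-path close are outside the hunk.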
diff --git a/src/qmode.c b/src/qmode.c
index d8c22db..cf52866 100644
--- a/src/qmode.c
+++ b/src/qmode.c
@@ -43,38 +43,33 @@ void process_message(char *msg)
{
char *str;
char *arg;
- int c=1;
if (msg == NULL)
return;
printf("[x] (%s)\n", msg);
str = strdup(msg);
arg = strchr(str, ':');
- if (c!=0) {
- arg[0]='\0';
- arg = arg +1;
- if (!strcmp(str, "flash")) {
- const char *type = fpid_file(arg);
- if (type == NULL) {
- squeue_push2(p, "error", "Unknown piece format", 1);
- } else flash_image(arg, type, NULL);
- } else
- if (!strcmp(str, "reset")) {
- if (reboot_board() == 0) {
- squeue_push2(p,"info", "Device reboots", 1);
- } else squeue_push2(p,"error", "Cannot reboot device", 1);
- } else
- if (!strcmp(str, "info")) {
- get_rd_flags();
- squeue_push2(p, "info", strbuf, 1);
- get_nolo_version();
- squeue_push2(p, "info", strbuf, 1);
- get_usb_mode();
- squeue_push2(p, "info", strbuf, 1);
- } else
- squeue_push2(p, "error", "invalid command", 0);
- } else {
- squeue_push2(p, "error", "invalid command format", 0);
- }
+ arg[0]='\0';
+ arg = arg +1;
+ if (!strcmp(str, "flash")) {
+ const char *type = fpid_file(arg);
+ if (type == NULL) {
+ squeue_push2(p, "error", "Unknown piece format", 1);
+ } else flash_image(arg, type, NULL);
+ } else
+ if (!strcmp(str, "reset")) {
+ if (reboot_board() == 0) {
+ squeue_push2(p,"info", "Device reboots", 1);
+ } else squeue_push2(p,"error", "Cannot reboot device", 1);
+ } else
+ if (!strcmp(str, "info")) {
+ get_rd_flags();
+ squeue_push2(p, "info", strbuf, 1);
+ get_nolo_version();
+ squeue_push2(p, "info", strbuf, 1);
+ get_usb_mode();
+ squeue_push2(p, "info", strbuf, 1);
+ } else
+ squeue_push2(p, "error", "invalid command", 0);
free(str);
}
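Review bot: `arg = strchr(str, ':')` is still dereferenced unconditionally at `arg[0]='\0'`, so a message without a colon makes process_message write through a NULL pointer. The removed `c` flag was always 1, so dropping it changes nothing at runtime, but the deleted "invalid command format" branch was where that check belonged. The `strdup` result is also used unchecked. The fence below restores the rejection path with a real test on `str` and `arg`.

```c
	str = strdup(msg);
	if (str == NULL)
		return;
	arg = strchr(str, ':');
	if (arg == NULL) {
		squeue_push2(p, "error", "invalid command format", 0);
		free(str);
		return;
	}
	arg[0]='\0';
	/* … unchanged: arg advance and flash/reset/info dispatch … */
```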
diff --git a/src/squeue/squeue.c b/src/squeue/squeue.c
index 96f2b59..89fc7f5 100644
--- a/src/squeue/squeue.c
+++ b/src/squeue/squeue.c
@@ -40,13 +40,18 @@ struct squeue_t *squeue_open(const char *file, int mode)
struct squeue_t *q;
char *pool;
int shmid;
+ int fd;
key_t k;
k = ftok(file, 0x34);
if (k == -1) {
perror("ftok");
squeue_release(file);
- close(creat(file, 0666));
+ if ((fd = creat(file, 0666)) == -1) {
+ perror("creat");
+ return NULL;
+ }
+ close(fd);
chmod(file, 0666);
k = ftok(file, 0xa3);
if (k == -1) {
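Review bot: The file that seeds `ftok` is still created with `creat(file, 0666)` and then forced to 0666 by `chmod`, which overrides the umask and leaves it world-writable; the new error check does not change that. If only one user needs the queue, `0600` in both calls would be tighter, but the consumers of this file are outside the hunk, so confirm before narrowing it. The `chmod` return value is also ignored, and squeue_open continues past the end of the hunk.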