Commit a596ce3c authored by Robert Sprowson's avatar Robert Sprowson
Browse files

Fix for buffer overrun

The PRM entry for Free reason 1 is very vague, it requires the length of the drive name including a terminator, not strlen() of the drive name. Free uses this directly to allocate RMA to copy into (though for drive names that aren't a multiple of 8 we're saved by OS_Module rounding up claims).
Also use Free SWI values from headers rather than defining them again locally.

Version 2.54. Tagged as 'LanManFS-2_54'
parent d06e3e50
/* (2.53) /* (2.54)
* *
* This file is automatically maintained by srccommit, do not edit manually. * This file is automatically maintained by srccommit, do not edit manually.
* Last processed by srccommit version: 1.1. * Last processed by srccommit version: 1.1.
* *
*/ */
#define Module_MajorVersion_CMHG 2.53 #define Module_MajorVersion_CMHG 2.54
#define Module_MinorVersion_CMHG #define Module_MinorVersion_CMHG
#define Module_Date_CMHG 17 Mar 2016 #define Module_Date_CMHG 03 Apr 2016
#define Module_MajorVersion "2.53" #define Module_MajorVersion "2.54"
#define Module_Version 253 #define Module_Version 254
#define Module_MinorVersion "" #define Module_MinorVersion ""
#define Module_Date "17 Mar 2016" #define Module_Date "03 Apr 2016"
#define Module_ApplicationDate "17-Mar-16" #define Module_ApplicationDate "03-Apr-16"
#define Module_ComponentName "LanManFS" #define Module_ComponentName "LanManFS"
#define Module_ComponentPath "castle/RiscOS/Sources/Networking/Omni/Protocols/LanManFS" #define Module_ComponentPath "castle/RiscOS/Sources/Networking/Omni/Protocols/LanManFS"
#define Module_FullVersion "2.53" #define Module_FullVersion "2.54"
#define Module_HelpVersion "2.53 (17 Mar 2016)" #define Module_HelpVersion "2.54 (03 Apr 2016)"
#define Module_LibraryVersionInfo "2:53" #define Module_LibraryVersionInfo "2:54"
...@@ -62,11 +62,6 @@ ...@@ -62,11 +62,6 @@
#define INFO_STR_LEN 64 #define INFO_STR_LEN 64
/* Length of info string kept about servers & mounts */ /* Length of info string kept about servers & mounts */
/* SWI definitions */
#define SWI_Free_Register 0x444C0
#define SWI_Free_Deregister 0x444C1
/* ------------------------ */ /* ------------------------ */
/* Information on a known mount path or printer name. /* Information on a known mount path or printer name.
...@@ -1218,7 +1213,7 @@ _kernel_oserror *Omni_FreeOp_SWI (_kernel_swi_regs *R ) ...@@ -1218,7 +1213,7 @@ _kernel_oserror *Omni_FreeOp_SWI (_kernel_swi_regs *R )
char *s = (char *)(R->r[3]); char *s = (char *)(R->r[3]);
char *d = (char *)(R->r[2]); char *d = (char *)(R->r[2]);
sprintf ( d, FilingSystemName "::%s", s ); sprintf ( d, FilingSystemName "::%s", s );
R->r[0] = strlen(d); R->r[0] = strlen(d) + 1 /* Terminator */;
return NULL; return NULL;
} }
...@@ -1335,9 +1330,9 @@ static void Omni_Free_Register(bool OnNotOff) ...@@ -1335,9 +1330,9 @@ static void Omni_Free_Register(bool OnNotOff)
R.r[2] = 0; /* R12 value, don't care */ R.r[2] = 0; /* R12 value, don't care */
if ( OnNotOff ) if ( OnNotOff )
_kernel_swi ( SWI_Free_Register, &R, &R ); _kernel_swi ( Free_Register, &R, &R );
else else
_kernel_swi ( SWI_Free_Deregister, &R, &R ); _kernel_swi ( Free_DeRegister, &R, &R );
} }
/* Omni_StartUp() ---------------------------------*/ /* Omni_StartUp() ---------------------------------*/
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment