| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
accidentally removed this in a rebase
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, gbe.bin locking won't work!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i don't like it grouped together. do it
all separate, for clarity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
unified arg check for prw and rw_file_exact
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we check them in prw, but we used to rely
on prw because we called that first. no more.
it's correct to also check them here anyway,
in case i ever call another function here.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
avoid pointer-range overflow arithmetic. this
patch doesn't change behaviour, but makes an
overflow impossible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
don't do it inside functions. some compilers may
be inconsistent, ditto several auditing tools.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
off is signed, so converting that to unsigned
is better than converting rc (unsigned)
to signed. i had the right idea, but got
it wrong in the earlier version. this
should fix potential overflow issues.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, it could still overflow
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
some unused variables if enabled. hide them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
our fallback pwrite/pread behaviour still does not
properly replicate the safety of real pwrite/pread
i intend to put this i/o code into a library for use
in other programs; nvmutil is single-threaded so
this change is largely redundant (but can't hurt)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
remove ptr casts to ulong. size_t is better.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
despite my cast, size_t is better for mem index
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we don't need it anymore.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
rw_file_once was doing what rw_file_exact should be
doing
_once does what it says: once
we were passing an offset (rc) to it that it was not
meaningfully using.
this makes the code now more robust, especially if
we later swap out or break _once - then we don't
get weird behaviour (if there is a regression).
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we already check not-zero in the next if
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we assert now that ulong is the size of a pointer,
therefore we know that it can fit a pointer reliably.
this code is written for c90 spec so lacks uintptr
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
technically we're never supposed to do arithmetic on
pointers (there's uintptr for that)
very anal fix
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not available on older systems. can just pass
the relevant flag in the compiler:
HAVE_ARC4RANDOM_BUF=0 at build time if you need
the fallback.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i already also guard other toctuo attacks :)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
if someone deletes gbe.bin while operating, nvmutil
will now abort
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
too over engineered and cumbersome.
the new security in prw() makes it brittle,
and i'd rather not move checks outside of it.
the fallback rand is random enough.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
slow, per call. prw should be generic.
do it just for gbe files, once
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
build flag
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
