| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
errno must never be negative
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the existing verification is retained, an a few commands.
this is an additional security mechanism. redundancy is
best.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
3-arg arguments were broken, by recent generalisations.
this should fix it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
no more command-specific logic here. this should be the
same in the rest of the code now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
now they only set checksums.
and generalised checksumming is next!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
get it out of main(), it's bloat there
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
gbe_write already checks this, but we should
also check inside the caller.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
nice bit of defense here
we absolutely need this code to be bullet proof
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
they should only access the nvm area, so rename
them accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
make the code slightly easier to read
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
xstrxlen ftw
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
strnlen is not available on some older systems,
so now we provide our own portable version.
this version also aborts on NULL input, unlike
the standard function.
this version also does not permit empty strings.
this version also does not permit unterminated
strings.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
arc4random is superior, so using /dev/urandom
would be a mistake. we only use that on linux,
or old/weird unix.
we would also use it on linux, but GNU prohibits
nice things (its implementations are spotty, and
old glibc doesn't have it - before 2022 there is
libbsd, but i'm not importing that).
not that it matters. we're not doing encryption.
i'm just a stickler for technical correctness.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
use the macro, introduced in the previous commit
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
to make it clearer what this variable does
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is a guard against mistakes by future maintainers
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
make cmd a size_t and make the equivalent to NULL
be the number of items in command[]
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
don't set args here
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
instead of simply checking null, just do a bound check.
this would also cover NULL (-1)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
There, we use arc4random_buf which does not directly
access /dev/urandom on BSD; it uses a userspace method
instead, which bypasses this.
This is therefore much more restrictive, which is
exactly the point of unveil(2) and pledge(2); restrict
your program's operation while ensuring that it has what
it needs, to help with debugging and prevent common bugs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the current name is misleading. this function
specifically converts what's stored in memory,
in the nvm.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, it's a pointless computation
i also added a guard to mitigate this, in the
read file function. this should have been there
anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
that way, it makes more sense sementantically
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
accidentally specified invert, for the brick
and setchecksum commands. oops!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
if the enum is messed up, this patch also prevents
that. this is not to catch a runtime error, but
to intentionally trip up a maintainer that screws
up, prompting them to fix their future mistake.
we previously used a pointer directly, without
even checking index/NULL - that too is now covered,
except that we now use an indice for command[] and
execute the command from that, rather than directly
declaring a pointer.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
a package manager by the name "nvm" exists, as
i discovered.
this is a courtesy to them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this way, if a user does e.g.
./nvm gbe.bin bullshit
It will say: bullshit
Right now, it just says invalid length. This
means if the user wanted to type e.g.
./nvm gbe.bin copy 0
but they typed:
./nvm gbe.bin coyp 0
Now it will tell them that it's trying
to set the MAC address "coyp".
This is because if an invalid command is given,
it's treated as a MAC address instead. This is
by design, to allow e.g.
./nvm gbe.bin xx:1x:1x:xx:xx:xx
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
handle inversion directly there
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
point directly to the command table.
run through an intermediary function to check
bounds, for safety.
this will allow me to then set things like
the invert config directly in that struct.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we need only declare it in the centralised gbe_file_offset
function, which determines whether a write to the gbe file
falls specifically within the 4KB range that is the gbe
part.
it is always half of the gbe file size, and then the first
4KB of each half stores the gbe part.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
