View | Details | Raw Unified | Return to bug 230993
Collapse All | Expand All

(-)sysutils/acpi_call/Makefile (+1 lines)
Lines 3-8 Link Here
3
3
4
PORTNAME=	acpi_call
4
PORTNAME=	acpi_call
5
PORTVERSION=	1.0.1
5
PORTVERSION=	1.0.1
6
PORTREVISION=	1
6
CATEGORIES=	sysutils
7
CATEGORIES=	sysutils
7
MASTER_SITES=	http://projects.ukrweb.net/files/ \
8
MASTER_SITES=	http://projects.ukrweb.net/files/ \
8
		http://imax.in.ua/files/
9
		http://imax.in.ua/files/
(-)sysutils/acpi_call/files/patch-acpi__call.c (+75 lines)
Line 0 Link Here
1
--- acpi_call.c.orig	2011-11-07 05:35:10 UTC
2
+++ acpi_call.c
3
@@ -43,12 +43,13 @@
4
 #include "acpi_call_io.h"
5
 
6
 
7
-void acpi_call_fixup_pointers(ACPI_OBJECT *p, UINT8 *orig);
8
+void acpi_call_fixup_pointers(ACPI_OBJECT *p, UINT8 *user, size_t len);
9
 
10
 static int
11
 acpi_call_ioctl(u_long cmd, caddr_t addr, void *arg)
12
 {
13
 	struct acpi_call_descr *params;
14
+	char		path[MAX_ACPI_PATH + 1];
15
 	ACPI_BUFFER	result;
16
 
17
 	result.Length = ACPI_ALLOCATE_BUFFER;
18
@@ -56,19 +57,24 @@ acpi_call_ioctl(u_long cmd, caddr_t addr, void *arg)
19
 
20
 	if (cmd == ACPIIO_CALL) {
21
 		params = (struct acpi_call_descr*)addr;
22
-		params->retval = AcpiEvaluateObject(NULL, params->path, &params->args, &result);
23
+		copyin(params->path, path, params->path_len);
24
+		path[params->path_len] = '\0';
25
+		params->retval = AcpiEvaluateObject(NULL, path, &params->args, &result);
26
 		if (ACPI_SUCCESS(params->retval))
27
 		{
28
 			if (result.Pointer != NULL)
29
 			{
30
 				if (params->result.Pointer != NULL)
31
 				{	
32
+					if (params->result.Length < sizeof(ACPI_OBJECT)) {
33
+						AcpiOsFree(result.Pointer);
34
+						return (EINVAL);
35
+					}
36
 					params->result.Length = min(params->result.Length, result.Length);
37
+					acpi_call_fixup_pointers((ACPI_OBJECT*)(result.Pointer), params->result.Pointer, result.Length);
38
 					copyout(result.Pointer, params->result.Pointer,
39
 							params->result.Length);
40
 					params->reslen = result.Length;
41
-					if (result.Length >= sizeof(ACPI_OBJECT))
42
-						acpi_call_fixup_pointers((ACPI_OBJECT*)(params->result.Pointer), result.Pointer);
43
 				}
44
 				AcpiOsFree(result.Pointer);
45
 			}
46
@@ -79,16 +85,24 @@ acpi_call_ioctl(u_long cmd, caddr_t addr, void *arg)
47
 }
48
 
49
 void
50
-acpi_call_fixup_pointers(ACPI_OBJECT *p, UINT8 *orig)
51
+acpi_call_fixup_pointers(ACPI_OBJECT *p, UINT8 *user, size_t len)
52
 {
53
 	switch (p->Type)
54
 	{
55
 	case ACPI_TYPE_STRING:
56
-		p->String.Pointer = (char*)((UINT8*)(p->String.Pointer) - orig + (UINT8*)p);
57
-		break;
58
+		if ((char *)(p->String.Pointer + p->String.Length/sizeof(*p->String.Pointer)) <= (char *)p + len) {
59
+			p->String.Pointer = user + ( (char *)p->String.Pointer - (char *)p );
60
+			return;
61
+		}
62
+		p->String.Pointer = NULL;
63
+		return;
64
 	case ACPI_TYPE_BUFFER:
65
-		p->Buffer.Pointer -= orig - (UINT8*)p;
66
-		break;
67
+		if ((char *)(p->Buffer.Pointer + p->Buffer.Length/sizeof(*p->Buffer.Pointer)) <= (char *)p + len) {
68
+			p->Buffer.Pointer = user + ( (char *)p->Buffer.Pointer - (char *)p );
69
+			return;
70
+		}
71
+		p->Buffer.Pointer = NULL;
72
+		return;
73
 	}
74
 }
75
 
(-)sysutils/acpi_call/files/patch-acpi__call__io.h (+15 lines)
Line 0 Link Here
1
--- acpi_call_io.h.orig	2018-09-13 19:07:48 UTC
2
+++ acpi_call_io.h
3
@@ -38,9 +38,12 @@
4
 #	include <contrib/dev/acpica/actypes.h>
5
 #endif
6
 
7
+#define	MAX_ACPI_PATH	1024 // XXX
8
+
9
 struct acpi_call_descr
10
 {
11
 	char		*path;
12
+	size_t		 path_len;
13
 	ACPI_OBJECT_LIST	args;
14
 	ACPI_STATUS	retval;
15
 	ACPI_BUFFER	result;
(-)sysutils/acpi_call/files/patch-acpi__call__util.c (+16 lines)
Lines 1-5 Link Here
1
--- acpi_call_util.c.orig	2011-11-07 05:35:10 UTC
1
--- acpi_call_util.c.orig	2011-11-07 05:35:10 UTC
2
+++ acpi_call_util.c
2
+++ acpi_call_util.c
3
@@ -42,7 +42,6 @@
4
 #include <stdio.h>
5
 #include <string.h>
6
 
7
-#define	MAX_ACPI_PATH	1024 // XXX
8
 #define MAX_ACPI_ARGS	7
9
 
10
 char dev_path[MAXPATHLEN] = "/dev/acpi";
11
@@ -89,6 +88,7 @@ int main(int argc, char * argv[])
12
 		fprintf(stderr, "Please specify path to method with -p flag\n");
13
 		return 1;
14
 	}
15
+	params.path_len = strnlen(method_path, MAX_ACPI_PATH);
16
 
17
 	if (verbose)
18
 		print_params(&params);
3
@@ -102,6 +102,7 @@ int main(int argc, char * argv[])
19
@@ -102,6 +102,7 @@ int main(int argc, char * argv[])
4
 	if (ioctl(fd, ACPIIO_CALL, &params) == -1)
20
 	if (ioctl(fd, ACPIIO_CALL, &params) == -1)
5
 	{
21
 	{

Return to bug 230993