Diffstat (limited to 'com32/lib/syslinux')
-rw-r--r--com32/lib/syslinux/memscan.c9
-rw-r--r--com32/lib/syslinux/pxe_dns.c13
-rw-r--r--com32/lib/syslinux/pxe_get_cached.c37
-rw-r--r--com32/lib/syslinux/pxe_get_nic.c14
-rw-r--r--com32/lib/syslinux/run_command.c17
-rw-r--r--com32/lib/syslinux/runimage.c26
6 files changed, 78 insertions, 38 deletions
diff --git a/com32/lib/syslinux/memscan.c b/com32/lib/syslinux/memscan.c
index 95580257..fc676cbf 100644
--- a/com32/lib/syslinux/memscan.c
+++ b/com32/lib/syslinux/memscan.c
@@ -51,7 +51,7 @@ int syslinux_scan_memory(scan_memory_callback_t callback, void *data)
{
static com32sys_t ireg;
com32sys_t oreg;
- struct e820_entry *e820buf = __com32.cs_bounce;
+ struct e820_entry *e820buf;
uint64_t start, len, maxlen;
int memfound = 0;
int rv;
@@ -74,13 +74,16 @@ int syslinux_scan_memory(scan_memory_callback_t callback, void *data)
return rv;
/* First try INT 15h AX=E820h */
+ e820buf = lzalloc(sizeof *e820buf);
+ if (!e820buf)
+ return -1;
+
ireg.eax.l = 0xe820;
ireg.edx.l = 0x534d4150;
ireg.ebx.l = 0;
ireg.ecx.l = sizeof(*e820buf);
ireg.es = SEG(e820buf);
ireg.edi.w[0] = OFFS(e820buf);
- memset(e820buf, 0, sizeof *e820buf);
do {
__intcall(0x15, &ireg, &oreg);
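Review bot: The `return -1` on `lzalloc()` failure leaves the function before any probe has run, although the comment `/* First try INT 15h AX=E820h */` suggests further probes follow that may not need this buffer. If such fallbacks exist below the hunk, skipping only the E820 loop when `e820buf` is NULL would keep memory detection working when low memory is exhausted. The function body starts above and continues below this hunk, so this needs confirming against the full file.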
@@ -120,6 +123,8 @@ int syslinux_scan_memory(scan_memory_callback_t callback, void *data)
ireg.ebx.l = oreg.ebx.l;
} while (oreg.ebx.l);
+ lfree(e820buf);
+
if (memfound)
return 0;
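Review bot: `lfree(e820buf)` covers only the path that leaves the `do … while` loop normally. The loop body between this hunk and the previous one is not shown; any `return` inside it (for example on a non-zero callback result) would leak the low-memory buffer on every such call. Routing those exits through a single cleanup label that calls `lfree(e820buf)` before returning would close that gap.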
diff --git a/com32/lib/syslinux/pxe_dns.c b/com32/lib/syslinux/pxe_dns.c
index 9ab95137..6620396f 100644
--- a/com32/lib/syslinux/pxe_dns.c
+++ b/com32/lib/syslinux/pxe_dns.c
@@ -48,21 +48,26 @@ uint32_t pxe_dns(const char *hostname)
unsigned char b[4];
uint32_t ip;
} q;
+ char *lm_hostname;
/* Is this a dot-quad? */
if (sscanf(hostname, "%hhu.%hhu.%hhu.%hhu",
&q.b[0], &q.b[1], &q.b[2], &q.b[3]) == 4)
return q.ip;
+ lm_hostname = lstrdup(hostname);
+ if (!lm_hostname)
+ return 0;
+
memset(&regs, 0, sizeof regs);
regs.eax.w[0] = 0x0010;
- regs.es = SEG(__com32.cs_bounce);
- regs.ebx.w[0] = OFFS(__com32.cs_bounce);
-
- strcpy((char *)__com32.cs_bounce, hostname);
+ regs.es = SEG(lm_hostname);
+ /* regs.ebx.w[0] = OFFS(lm_hostname); */
__intcall(0x22, &regs, &regs);
+ lfree(lm_hostname);
+
if (regs.eflags.l & EFLAGS_CF)
return 0;
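Review bot: With `regs.ebx.w[0] = OFFS(lm_hostname);` commented out, the call passes offset 0 together with `SEG(lm_hostname)`, which addresses the string only if `lstrdup()` returns a paragraph-aligned (16-byte) pointer. Nothing in the hunk states or checks that guarantee, so a change in allocator alignment would silently hand the PXE/Syslinux API an address up to 15 bytes before the string. Either keep the assignment live, `regs.ebx.w[0] = OFFS(lm_hostname);`, or replace the dead line with a comment naming the alignment contract. The same pattern appears in pxe_get_cached.c (`edi`), pxe_get_nic.c (`edi`), run_command.c (`ebx`) and runimage.c (`esi`, `ebx`).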
diff --git a/com32/lib/syslinux/pxe_get_cached.c b/com32/lib/syslinux/pxe_get_cached.c
index 2e8349fe..47040378 100644
--- a/com32/lib/syslinux/pxe_get_cached.c
+++ b/com32/lib/syslinux/pxe_get_cached.c
@@ -42,40 +42,55 @@
or -1 on invocation failure */
int pxe_get_cached_info(int level, void **buf, size_t * len)
{
+ const int max_dhcp_packet = 2048;
com32sys_t regs;
- t_PXENV_GET_CACHED_INFO *gci = __com32.cs_bounce;
+ t_PXENV_GET_CACHED_INFO *gci;
void *bbuf, *nbuf;
+ int err;
+
+ gci = lmalloc(sizeof *gci + max_dhcp_packet);
+ if (!gci)
+ return -1;
memset(&regs, 0, sizeof regs);
regs.eax.w[0] = 0x0009;
regs.ebx.w[0] = PXENV_GET_CACHED_INFO;
regs.es = SEG(gci);
- regs.edi.w[0] = OFFS(gci);
+ /* regs.edi.w[0] = OFFS(gci); */
bbuf = &gci[1];
gci->Status = PXENV_STATUS_FAILURE;
gci->PacketType = level;
- gci->BufferSize = gci->BufferLimit = 65536 - sizeof(*gci);
+ gci->BufferSize = gci->BufferLimit = max_dhcp_packet;
gci->Buffer.seg = SEG(bbuf);
gci->Buffer.offs = OFFS(bbuf);
__intcall(0x22, &regs, &regs);
- if (regs.eflags.l & EFLAGS_CF)
- return -1;
+ if (regs.eflags.l & EFLAGS_CF) {
+ err = -1;
+ goto exit;
+ }
- if (gci->Status)
- return gci->Status;
+ if (gci->Status) {
+ err = gci->Status;
+ goto exit;
+ }
- nbuf = malloc(gci->BufferSize); /* malloc() does not use the bounce buffer */
- if (!nbuf)
- return -1;
+ nbuf = malloc(gci->BufferSize);
+ if (!nbuf) {
+ err = -1;
+ goto exit;
+ }
memcpy(nbuf, bbuf, gci->BufferSize);
*buf = nbuf;
*len = gci->BufferSize;
+ err = 0;
- return 0;
+exit:
+ lfree(gci);
+ return err;
}
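Review bot: `gci->BufferSize` is read back from the PXE stack and used as the `malloc()` and `memcpy()` length without being compared against the `max_dhcp_packet` bytes that now follow `gci`. The old limit of `65536 - sizeof(*gci)` suggests the field can hold values far above 2048, so a ROM that reports more than `BufferLimit` would make `memcpy(nbuf, bbuf, gci->BufferSize)` read past the low-memory allocation. Add `if (gci->BufferSize > max_dhcp_packet) { err = -1; goto exit; }` before the `malloc()` call.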
diff --git a/com32/lib/syslinux/pxe_get_nic.c b/com32/lib/syslinux/pxe_get_nic.c
index 704a0d79..b301a75a 100644
--- a/com32/lib/syslinux/pxe_get_nic.c
+++ b/com32/lib/syslinux/pxe_get_nic.c
@@ -40,19 +40,25 @@
/* Returns the status code from PXE (0 on success),
or -1 on invocation failure */
-int pxe_get_nic_type(t_PXENV_UNDI_GET_NIC_TYPE * gnt)
+int pxe_get_nic_type(t_PXENV_UNDI_GET_NIC_TYPE *gnt)
{
com32sys_t regs;
+ t_PXENV_UNDI_GET_NIC_TYPE *lgnt;
+
+ lgnt = lzalloc(sizeof *lgnt);
+ if (!lgnt)
+ return -1;
memset(&regs, 0, sizeof regs);
regs.eax.w[0] = 0x0009;
regs.ebx.w[0] = PXENV_UNDI_GET_NIC_TYPE;
- regs.es = SEG(__com32.cs_bounce);
- regs.edi.w[0] = OFFS(__com32.cs_bounce);
+ regs.es = SEG(lgnt);
+ /* regs.edi.w[0] = OFFS(lgnt); */
__intcall(0x22, &regs, &regs);
- memcpy(gnt, __com32.cs_bounce, sizeof(t_PXENV_UNDI_GET_NIC_TYPE));
+ memcpy(gnt, lgnt, sizeof(t_PXENV_UNDI_GET_NIC_TYPE));
+ lfree(lgnt);
if (regs.eflags.l & EFLAGS_CF)
return -1;
diff --git a/com32/lib/syslinux/run_command.c b/com32/lib/syslinux/run_command.c
index 4693e16d..a0ac9a0d 100644
--- a/com32/lib/syslinux/run_command.c
+++ b/com32/lib/syslinux/run_command.c
@@ -30,18 +30,21 @@
#include <string.h>
#include <com32.h>
-__noreturn syslinux_run_command(const char *command)
+int syslinux_run_command(const char *command)
{
static com32sys_t ireg;
+ char *lm_command = lstrdup(command);
- strcpy(__com32.cs_bounce, command);
-
+ if (!lm_command)
+ return -1;
+
ireg.eax.w[0] = 0x0003;
- ireg.es = SEG(__com32.cs_bounce);
- ireg.ebx.w[0] = OFFS(__com32.cs_bounce);
+ ireg.es = SEG(lm_command);
+ /* ireg.ebx.w[0] = OFFS(lm_command); */
__intcall(0x22, &ireg, NULL);
- /* Should not return even on failure */
- for (;;) ;
+ /* Should not return even on failure, but in case... */
+ lfree(lm_command);
+ return -1;
}
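Review bot: The return type changes from `__noreturn` to `int`, and the function now returns -1 both when `lstrdup()` fails and when INT 22h unexpectedly returns, but nothing documents that contract. The prototype is outside this diffstat, so it and every caller that relied on the call never returning need checking, since code placed after the call can now execute. A header comment such as `/* Returns -1 if the command could not be started; does not return on success */` would make the new behaviour explicit.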
diff --git a/com32/lib/syslinux/runimage.c b/com32/lib/syslinux/runimage.c
index 0184df37..29e9aadd 100644
--- a/com32/lib/syslinux/runimage.c
+++ b/com32/lib/syslinux/runimage.c
@@ -40,26 +40,32 @@ void syslinux_run_kernel_image(const char *filename, const char *cmdline,
uint32_t ipappend_flags, uint32_t type)
{
static com32sys_t ireg;
- char *bbfilename, *bbcmdline, *bbptr;
+ char *bbfilename = NULL;
+ char *bbcmdline = NULL;
int bytes;
- bbptr = __com32.cs_bounce;
+ bbfilename = lstrdup(filename);
+ if (!bbfilename)
+ goto fail;
- bytes = strlen(filename) + 1;
- memcpy(bbfilename = bbptr, filename, bytes);
- bbptr += bytes;
+ bbcmdline = lstrdup(cmdline);
+ if (!bbcmdline)
+ goto fail;
- bytes = strlen(cmdline) + 1;
- memcpy(bbcmdline = bbptr, filename, bytes);
- bbptr += bytes;
ireg.eax.w[0] = 0x0016;
ireg.ds = SEG(bbfilename);
- ireg.esi.w[0] = OFFS(bbfilename);
+ /* ireg.esi.w[0] = OFFS(bbfilename); */
ireg.es = SEG(bbcmdline);
- ireg.ebx.w[0] = OFFS(bbcmdline);
+ /* ireg.ebx.w[0] = OFFS(bbcmdline); */
ireg.ecx.l = ipappend_flags;
ireg.edx.l = type;
__intcall(0x22, &ireg, 0);
+
+fail:
+ if (bbcmdline)
+ lfree(bbcmdline);
+ if (bbfilename)
+ lfree(bbfilename);
}
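Review bot: `int bytes;` stays declared but nothing on the new side uses it once the `strlen`/`memcpy` lines are removed, so it should be deleted to avoid an unused-variable warning. The `goto fail` paths also return silently from a `void` function, so a caller cannot tell an allocation failure from the interrupt returning; a comment on the function saying that it returns only on failure would at least document this. The `if (bbcmdline)` and `if (bbfilename)` guards are needed only if `lfree()` does not accept NULL, which this page does not show.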