emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

i2cset: fix 'i' & 's' modes (3 extra bytes were sent)

Browse Source 
When 'i' or 's' modes are selected block array is filled from offset 3
(blen = 3) but copied to data.block buffer from offset 0 so first 3 bytes
contains garbage from stack.
The buffer that is sent is also 3 bytes too long due to those extra 3
bytes.

Signed-off-by: Avi Fishman <AviFishman70@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Avi Fishman 2017-10-05 11:25:16 +02:00 committed by Denys Vlasenko
parent 6f97b30a90
commit b5d9ba8fe6
1 changed files with 27 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
miscutils/i2c_tools.c
View File

@ -562,14 +562,19 @@ int i2cset_main(int argc, char **argv)
opt_m = (1 << 2), opt_r = (1 << 3); opt_m = (1 << 2), opt_r = (1 << 3);
int bus_num, bus_addr, data_addr, mode = I2C_SMBUS_BYTE, pec = 0; int bus_num, bus_addr, data_addr, mode = I2C_SMBUS_BYTE, pec = 0;
int val, blen = 0, mask = 0, fd, status; int val, blen, mask, fd, status;
unsigned char block[I2C_SMBUS_BLOCK_MAX]; unsigned char block[I2C_SMBUS_BLOCK_MAX];
char *opt_m_arg = NULL; char *opt_m_arg = NULL;
unsigned opts; unsigned opts;
opts = getopt32(argv, "^" "fym:r" "\0" "-3"/*from 3 to ? args*/, &opt_m_arg); opts = getopt32(argv, "^"
"fym:r"
"\0" "-3", /* minimum 3 args */
&opt_m_arg
);
argv += optind; argv += optind;
argc -= optind; argc -= optind;
argc--; /* now argv[argc] is last arg */
bus_num = i2c_bus_lookup(argv[0]); bus_num = i2c_bus_lookup(argv[0]);
bus_addr = i2c_parse_bus_addr(argv[1]); bus_addr = i2c_parse_bus_addr(argv[1]);
@ -579,20 +584,26 @@ int i2cset_main(int argc, char **argv)
if (!argv[4] && argv[3][0] != 'c') { if (!argv[4] && argv[3][0] != 'c') {
mode = I2C_SMBUS_BYTE_DATA; /* Implicit b */ mode = I2C_SMBUS_BYTE_DATA; /* Implicit b */
} else { } else {
switch (argv[argc-1][0]) { switch (argv[argc][0]) {
case 'c': /* Already set */ break; case 'c': /* Already set */
case 'b': mode = I2C_SMBUS_BYTE_DATA; break; break;
case 'w': mode = I2C_SMBUS_WORD_DATA; break; case 'b': mode = I2C_SMBUS_BYTE_DATA;
case 's': mode = I2C_SMBUS_BLOCK_DATA; break; break;
case 'i': mode = I2C_SMBUS_I2C_BLOCK_DATA; break; case 'w': mode = I2C_SMBUS_WORD_DATA;
break;
case 's': mode = I2C_SMBUS_BLOCK_DATA;
break;
case 'i': mode = I2C_SMBUS_I2C_BLOCK_DATA;
break;
default: default:
bb_error_msg("invalid mode"); bb_error_msg("invalid mode");
bb_show_usage(); bb_show_usage();
} }
pec = argv[argc-1][1] == 'p'; pec = (argv[argc][1] == 'p');
if (mode == I2C_SMBUS_BLOCK_DATA || if (mode == I2C_SMBUS_BLOCK_DATA
mode == I2C_SMBUS_I2C_BLOCK_DATA) { || mode == I2C_SMBUS_I2C_BLOCK_DATA
) {
if (pec && mode == I2C_SMBUS_I2C_BLOCK_DATA) if (pec && mode == I2C_SMBUS_I2C_BLOCK_DATA)
bb_error_msg_and_die( bb_error_msg_and_die(
"PEC not supported for I2C " "PEC not supported for I2C "
@ -606,6 +617,8 @@ int i2cset_main(int argc, char **argv)
} }
/* Prepare the value(s) to be written according to current mode. */ /* Prepare the value(s) to be written according to current mode. */
mask = 0;
blen = 0;
switch (mode) { switch (mode) {
case I2C_SMBUS_BYTE_DATA: case I2C_SMBUS_BYTE_DATA:
val = xstrtou_range(argv[3], 0, 0, 0xff); val = xstrtou_range(argv[3], 0, 0, 0xff);
@ -615,8 +628,9 @@ int i2cset_main(int argc, char **argv)
break; break;
case I2C_SMBUS_BLOCK_DATA: case I2C_SMBUS_BLOCK_DATA:
case I2C_SMBUS_I2C_BLOCK_DATA: case I2C_SMBUS_I2C_BLOCK_DATA:
for (blen = 3; blen < (argc - 1); blen++) for (blen = 3; blen < argc; blen++)
block[blen] = xstrtou_range(argv[blen], 0, 0, 0xff); block[blen - 3] = xstrtou_range(argv[blen], 0, 0, 0xff);
blen -= 3;
val = -1; val = -1;
break; break;
default: default: