diff options
author | Kevin O'Connor <kevin@koconnor.net> | 2014-12-29 10:29:34 -0500 |
---|---|---|
committer | Kevin O'Connor <kevin@koconnor.net> | 2014-12-29 10:36:46 -0500 |
commit | 45e71721da6e37598593cf04f5a840380455d0a6 (patch) | |
tree | d5ac9eafa31c4ff17f4ab4c37e129a2938fc54cd | |
parent | c08ef9a777d3bec4deaad564bcf510e8f0b27ff6 (diff) | |
download | seabios-45e71721da6e37598593cf04f5a840380455d0a6.zip seabios-45e71721da6e37598593cf04f5a840380455d0a6.tar.gz seabios-45e71721da6e37598593cf04f5a840380455d0a6.tar.bz2 |
block: Check for read/write requests over 64K
The standard BIOS disk read/write request interface should never get a
request for more than 64K of data. Explicitly check for overly large
requests and reject them. This way, the low-level drivers do not need
to check for or attempt to handle very large requests.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
-rw-r--r-- | src/block.c | 4 | ||||
-rw-r--r-- | src/disk.c | 2 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/block.c b/src/block.c index 43af305..3f7ecb1 100644 --- a/src/block.c +++ b/src/block.c @@ -485,6 +485,10 @@ process_op(struct disk_op_s *op) { ASSERT16(); int ret, origcount = op->count; + if (origcount * GET_GLOBALFLAT(op->drive_gf->blksize) > 64*1024) { + op->count = 0; + return DISK_RET_EBOUNDARY; + } u8 type = GET_GLOBALFLAT(op->drive_gf->type); switch (type) { case DTYPE_FLOPPY: @@ -173,6 +173,7 @@ disk_1300(struct bregs *regs, struct drive_s *drive_gf) struct disk_op_s dop; dop.drive_gf = drive_gf; dop.command = CMD_RESET; + dop.count = 0; int status = send_disk_op(&dop); disk_ret(regs, status); } @@ -322,6 +323,7 @@ disk_1310(struct bregs *regs, struct drive_s *drive_gf) struct disk_op_s dop; dop.drive_gf = drive_gf; dop.command = CMD_ISREADY; + dop.count = 0; int status = send_disk_op(&dop); disk_ret(regs, status); } |