diff --git a/src/commonlib/bsd/cbfs_private.c b/src/commonlib/bsd/cbfs_private.c index 035684b91e..7814c4a727 100644 --- a/src/commonlib/bsd/cbfs_private.c +++ b/src/commonlib/bsd/cbfs_private.c @@ -159,3 +159,35 @@ cb_err_t cbfs_lookup(cbfs_dev_t dev, const char *name, union cbfs_mdata *mdata_o }; return cbfs_walk(dev, lookup_walker, &args, metadata_hash, 0); } + +const void *cbfs_find_attr(const union cbfs_mdata *mdata, uint32_t attr_tag, size_t size_check) +{ + uint32_t offset = be32toh(mdata->h.attributes_offset); + uint32_t end = be32toh(mdata->h.offset); + + if (!offset) + return NULL; + + while (offset + sizeof(struct cbfs_file_attribute) <= end) { + const struct cbfs_file_attribute *attr = (const void *)mdata->raw + offset; + const uint32_t tag = be32toh(attr->tag); + const uint32_t len = be32toh(attr->len); + + if (offset + len > end) { + ERROR("Attribute %s[%u] overflows end of metadata\n", + mdata->filename, tag); + return NULL; + } + if (tag == attr_tag) { + if (size_check && len != size_check) { + ERROR("Attribute %s[%u] size mismatch: %u != %zu\n", + mdata->filename, tag, len, size_check); + return NULL; + } + return attr; + } + offset += len; + } + + return NULL; +} diff --git a/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h b/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h index 64dcf9f5ba..b72463aba3 100644 --- a/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h +++ b/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h @@ -134,4 +134,9 @@ cb_err_t cbfs_mcache_lookup(const void *mcache, size_t mcache_size, const char * /* Returns the amount of bytes actually used by the CBFS metadata cache in |mcache|. */ size_t cbfs_mcache_real_size(const void *mcache, size_t mcache_size); +/* Finds a CBFS attribute in a metadata block. Attribute returned as-is (still big-endian). + If |size| is not 0, will check that it matches the length of the attribute (if found)... + else caller is responsible for checking the |len| field to avoid reading out-of-bounds. */ +const void *cbfs_find_attr(const union cbfs_mdata *mdata, uint32_t attr_tag, size_t size_check); + #endif /* _COMMONLIB_BSD_CBFS_PRIVATE_H_ */ diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c index 493093ebb9..8d868a6be3 100644 --- a/src/lib/cbfs.c +++ b/src/lib/cbfs.c @@ -72,18 +72,16 @@ int cbfs_boot_locate(struct cbfsf *fh, const char *name, uint32_t *type) void *cbfs_map(const char *name, size_t *size_out) { - struct cbfsf fh; - size_t fsize; + struct region_device rdev; + union cbfs_mdata mdata; - if (cbfs_boot_locate(&fh, name, NULL)) + if (cbfs_boot_lookup(name, false, &mdata, &rdev)) return NULL; - fsize = region_device_sz(&fh.data); - if (size_out != NULL) - *size_out = fsize; + *size_out = region_device_sz(&rdev); - return rdev_mmap(&fh.data, 0, fsize); + return rdev_mmap_full(&rdev); } int cbfs_unmap(void *mapping) @@ -285,21 +283,23 @@ void *cbfs_boot_map_optionrom_revision(uint16_t vendor, uint16_t device, uint8_t size_t cbfs_load(const char *name, void *buf, size_t buf_size) { - struct cbfsf fh; - uint32_t compression_algo; - size_t decompressed_size; + struct region_device rdev; + union cbfs_mdata mdata; - if (cbfs_boot_locate(&fh, name, NULL) < 0) + if (cbfs_boot_lookup(name, false, &mdata, &rdev)) return 0; - if (cbfsf_decompression_info(&fh, &compression_algo, - &decompressed_size) - < 0 - || decompressed_size > buf_size) - return 0; + uint32_t compression = CBFS_COMPRESS_NONE; + const struct cbfs_file_attr_compression *attr = cbfs_find_attr(&mdata, + CBFS_FILE_ATTR_TAG_COMPRESSION, sizeof(*attr)); + if (attr) { + compression = be32toh(attr->compression); + if (buf_size < be32toh(attr->decompressed_size)) + return 0; + } - return cbfs_load_and_decompress(&fh.data, 0, region_device_sz(&fh.data), - buf, buf_size, compression_algo); + return cbfs_load_and_decompress(&rdev, 0, region_device_sz(&rdev), + buf, buf_size, compression); } int cbfs_prog_stage_load(struct prog *pstage)