we were returning if verified is not off, but we
were not doing the check soon enough.
now it's clearer: just after either a reset,
or we found out offset doesn't match, we
return sooner.
otherwise, we read, and we verify again right
after. in the old code, we verified twice in
a row.
this is just more optimal, for error handling.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in the last patch, i return, which then avoids
resetting the offset.
prw is very careful not to return early.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, if it's -1 and errno happens to be
EINTR or EAGAIN, we might loop on what is a
real error. this bug fixes that edge case.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we already check before that rv is not negative,
and it starts at zero, but it's good to guard
it here just in case (for future re-factoring).
if rv is negative, it could convert (casted to
size_t) to a huge number (we don't want that).
Signed-off-by: Leah Rowe <leah@libreboot.org>
even with OFF_RESET, we still want some error checking.
if the check fails again immediately after, then it
suggests that another program really is modifying the
file, so we should stop.
the first check is done on the theory that another
program *was* working on it, but now isn't.
once again, this isn't perfect. use read pread/pwrite
if you need thread safety (and even then, you still
need to actually check your code)
Signed-off-by: Leah Rowe <leah@libreboot.org>
if a points to a buffer shorter than maxlen,
and the string is not null-terminated early,
the loop may read may overflow
e.g.
char buf[3] = {'a', 'b', 'c'};
xstrxcmp(buf, "abc", 50);
this is undefined behaviour, and a bug. C allows
reading past arrays only if the memory exists,
but we can't guarantee that
to fix it, we check the condition for return,
namely NULL character, before using the character
again. This avoids reading further from a multiple
times so we exit as soon as we encounter NULL
this also avoids multiple reads from memory, though
a compiler would optimise that anyway
Signed-off-by: Leah Rowe <leah@libreboot.org>
we currently reset just fine, but a partial success
where the previous offset is not the same as the
original should also be considered failure.
this patch therefore makes the return much stricter,
making the code return an error if this occurs,
which in nvmutil would then cause a program exit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we check them in prw, but we used to rely
on prw because we called that first. no more.
it's correct to also check them here anyway,
in case i ever call another function here.
Signed-off-by: Leah Rowe <leah@libreboot.org>
avoid pointer-range overflow arithmetic. this
patch doesn't change behaviour, but makes an
overflow impossible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
off is signed, so converting that to unsigned
is better than converting rc (unsigned)
to signed. i had the right idea, but got
it wrong in the earlier version. this
should fix potential overflow issues.
Signed-off-by: Leah Rowe <leah@libreboot.org>
our fallback pwrite/pread behaviour still does not
properly replicate the safety of real pwrite/pread
i intend to put this i/o code into a library for use
in other programs; nvmutil is single-threaded so
this change is largely redundant (but can't hurt)
Signed-off-by: Leah Rowe <leah@libreboot.org>
rw_file_once was doing what rw_file_exact should be
doing
_once does what it says: once
we were passing an offset (rc) to it that it was not
meaningfully using.
this makes the code now more robust, especially if
we later swap out or break _once - then we don't
get weird behaviour (if there is a regression).
Signed-off-by: Leah Rowe <leah@libreboot.org>
we assert now that ulong is the size of a pointer,
therefore we know that it can fit a pointer reliably.
this code is written for c90 spec so lacks uintptr
Signed-off-by: Leah Rowe <leah@libreboot.org>
not available on older systems. can just pass
the relevant flag in the compiler:
HAVE_ARC4RANDOM_BUF=0 at build time if you need
the fallback.
Signed-off-by: Leah Rowe <leah@libreboot.org>
