strnlen is not available on some older systems,
so now we provide our own portable version.
this version also aborts on NULL input, unlike
the standard function.
this version also does not permit empty strings.
this version also does not permit unterminated
strings.
Signed-off-by: Leah Rowe <leah@libreboot.org>
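
The semantics this commit message lists (abort on NULL, reject empty strings, reject unterminated strings), as an added example that is not the project's own code. The names `checked_strnlen`, `xstrnlen` and `len_status` are hypothetical, and the status-returning core is an assumption made so each rejection can be checked without aborting.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names, constructed for illustration. */
enum len_status { LEN_OK = 0, LEN_NULL, LEN_EMPTY, LEN_UNTERMINATED };

/*
 * Scan at most maxlen bytes of s for a NUL terminator, never reading
 * past s[maxlen - 1]. On success, store the length in *out.
 */
static enum len_status
checked_strnlen(const char *s, size_t maxlen, size_t *out)
{
	size_t n;
	if (s == NULL || out == NULL)
		return LEN_NULL;
	for (n = 0; n < maxlen; n++)
		if (s[n] == '\0')
			break;
	if (n == maxlen)
		return LEN_UNTERMINATED; /* no NUL within the bound */
	if (n == 0)
		return LEN_EMPTY;
	*out = n;
	return LEN_OK;
}

/* Aborting wrapper: callers never get a length for a bad string. */
static size_t
xstrnlen(const char *s, size_t maxlen)
{
	static const char *const why[] = { "ok", "NULL", "empty", "unterminated" };
	size_t n = 0;
	enum len_status st = checked_strnlen(s, maxlen, &n);
	if (st != LEN_OK) {
		fprintf(stderr, "xstrnlen: %s string\n", why[st]);
		abort();
	}
	return n;
}

int main(void)
{
	const char raw[4] = { 'a', 'b', 'c', 'd' }; /* constructed: no NUL */
	size_t n = 0;
	printf("%zu\n", xstrnlen("gbe.bin", 16));
	printf("%d\n", (int)checked_strnlen(raw, sizeof(raw), &n));
	return 0;
}
```

Unlike the standard strnlen, which returns maxlen when no terminator is found, this treats that case as an error.
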
arc4random is superior, so using /dev/urandom
would be a mistake. we only use that on linux,
or old/weird unix.
we would also use it on linux, but GNU prohibits
nice things (its implementations are spotty, and
old glibc doesn't have it - before 2022 there is
libbsd, but i'm not importing that).
not that it matters. we're not doing encryption.
i'm just a stickler for technical correctness.
Signed-off-by: Leah Rowe <leah@libreboot.org>

There, we use arc4random_buf which does not directly
access /dev/urandom on BSD; it uses a userspace method
instead, which bypasses this.
This is therefore much more restrictive, which is
exactly the point of unveil(2) and pledge(2); restrict
your program's operation while ensuring that it has what
it needs, to help with debugging and prevent common bugs.
Signed-off-by: Leah Rowe <leah@libreboot.org>

otherwise, it's a pointless computation
i also added a guard to mitigate this, in the
read file function. this should have been there
anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>

if the enum is messed up, this patch also prevents
that. this is not to catch a runtime error, but
to intentionally trip up a maintainer that screws
up, prompting them to fix their future mistake.
we previously used a pointer directly, without
even checking index/NULL - that too is now covered,
except that we now use an index for command[] and
execute the command from that, rather than directly
declaring a pointer.
Signed-off-by: Leah Rowe <leah@libreboot.org>

this way, if a user does e.g.
./nvm gbe.bin bullshit
It will say: bullshit
Right now, it just says invalid length. This
means if the user wanted to type e.g.
./nvm gbe.bin copy 0
but they typed:
./nvm gbe.bin coyp 0
Now it will tell them that it's trying
to set the MAC address "coyp".
This is because if an invalid command is given,
it's treated as a MAC address instead. This is
by design, to allow e.g.
./nvm gbe.bin xx:1x:1x:xx:xx:xx
Signed-off-by: Leah Rowe <leah@libreboot.org>

point directly to the command table.
run through an intermediary function to check
bounds, for safety.
this will allow me to then set things like
the invert config directly in that struct.
Signed-off-by: Leah Rowe <leah@libreboot.org>

we need only declare it in the centralised gbe_file_offset
function, which determines whether a write to the gbe file
falls specifically within the 4KB range that is the gbe
part.
it is always half of the gbe file size, and then the first
4KB of each half stores the gbe part.
Signed-off-by: Leah Rowe <leah@libreboot.org>

these variables newrandom and oldrandom are unused on
BSD systems, and their unused status may trigger
warnings on some compilers.
Signed-off-by: Leah Rowe <leah@libreboot.org>

yeah, do the verification manually, don't convert
to size_t. this avoids a bunch of theoretical
bugs that i can't be bothered to explain at 3AM
just trust me bro
Signed-off-by: Leah Rowe <leah@libreboot.org>

preventative fix for later, if the tool is ever expanded
to have a better command syntax, for supporting more than
one file at a time.
Signed-off-by: Leah Rowe <leah@libreboot.org>