From 0c9293f9c6c92c52e569b3afa49d8553cb551a9a Mon Sep 17 00:00:00 2001 From: Thomas Schmitt Date: Thu, 31 Jul 2014 12:32:06 +0000 Subject: [PATCH] Keeping GET CONFIGURATION from requesting more than 4 KB of data --- cdrskin/cdrskin_timestamp.h | 2 +- libburn/libdax_msgs.h | 1 + libburn/mmc.c | 19 +++++++++++++++++-- 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/cdrskin/cdrskin_timestamp.h b/cdrskin/cdrskin_timestamp.h index efd9624..8ada435 100644 --- a/cdrskin/cdrskin_timestamp.h +++ b/cdrskin/cdrskin_timestamp.h @@ -1 +1 @@ -#define Cdrskin_timestamP "2014.07.31.122752" +#define Cdrskin_timestamP "2014.07.31.123105" diff --git a/libburn/libdax_msgs.h b/libburn/libdax_msgs.h index cab1cee..394368b 100644 --- a/libburn/libdax_msgs.h +++ b/libburn/libdax_msgs.h @@ -610,6 +610,7 @@ Range "scdbackup" : 0x00020000 to 0x0002ffff 0x000201a6 (FATAL,HIGH) = Lost connection to drive 0x000201a7 (FAILURE,HIGH) = SCSI command yielded host problem 0x000201a8 (FAILURE,HIGH) = SCSI command yielded driver problem + 0x000201a9 (FAILURE,HIGH) = Implausible lenght from GET CONFIGURATION libdax_audioxtr: diff --git a/libburn/mmc.c b/libburn/mmc.c index cf08e80..20fea21 100644 --- a/libburn/mmc.c +++ b/libburn/mmc.c @@ -3238,10 +3238,11 @@ ex: void mmc_get_configuration(struct burn_drive *d) { int alloc_len = 8, ret; + char *msg = NULL; mmc_start_if_needed(d, 1); if (mmc_function_spy(d, "mmc_get_configuration") <= 0) - return; + goto ex; /* first command execution to learn Allocation Length */ ret = mmc_get_configuration_al(d, &alloc_len); @@ -3249,9 +3250,23 @@ void mmc_get_configuration(struct burn_drive *d) fprintf(stderr,"LIBBURN_DEBUG: 46h alloc_len = %d , ret = %d\n", alloc_len, ret); */ - if (alloc_len > 8 && ret > 0) + if (alloc_len > 8 && ret > 0) { + + if (alloc_len > 4096) { + /* MMC-5 6.6.2.1: The maximum is less than 1 KB */ + BURN_ALLOC_MEM(msg, char, 256); + sprintf(msg, "Implausible lenght announcement from SCSI command GET CONFIGURATION: %d", alloc_len); + libdax_msgs_submit(libdax_messenger, d->global_index, 0x000201a9, + LIBDAX_MSGS_SEV_FAILURE, LIBDAX_MSGS_PRIO_ZERO, + msg, 0, 0); + goto ex; + } + /* second execution with announced length */ mmc_get_configuration_al(d, &alloc_len); + } +ex:; + BURN_FREE_MEM(msg); }