#include <common.h>
#include <command.h>
+#ifdef CONFIG_SYS_DIRECT_FLASH_NFS
+#include <flash.h>
+#endif
+#include <image.h>
+#include <log.h>
#include <net.h>
#include <malloc.h>
#include <mapmem.h>
#include "nfs.h"
#include "bootp.h"
+#include <time.h>
#define HASHES_PER_LINE 65 /* Number of "loading" hashes per line */
#define NFS_RETRY_COUNT 30
-#ifndef CONFIG_NFS_TIMEOUT
-# define NFS_TIMEOUT 2000UL
-#else
-# define NFS_TIMEOUT CONFIG_NFS_TIMEOUT
-#endif
#define NFS_RPC_ERR 1
#define NFS_RPC_DROP 124
static unsigned long rpc_id;
static int nfs_offset = -1;
static int nfs_len;
-static ulong nfs_timeout = NFS_TIMEOUT;
+static const ulong nfs_timeout = CONFIG_NFS_TIMEOUT;
static char dirfh[NFS_FHSIZE]; /* NFSv2 / NFSv3 file handle of directory */
static char filefh[NFS3_FHSIZE]; /* NFSv2 / NFSv3 file handle */
-static int filefh3_length; /* (variable) length of filefh when NFSv3 */
+static unsigned int filefh3_length; /* (variable) length of filefh when NFSv3 */
static enum net_loop_state nfs_download_state;
static struct in_addr nfs_server_ip;
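Review bot: The comment on `filefh3_length` does not say why its type became unsigned. The variable is filled from a length field in the server's reply (`filefh3_length = ntohl(rpc_pkt.u.reply.data[1]);` in the lookup-reply hunk). With the old signed type, a value with the top bit set would be negative and would pass any `> NFS3_FHSIZE` upper-bound test; that test itself is not visible on this page. I would extend the comment to something like `/* length of filefh when NFSv3; unsigned because it is read from the wire and only bounded from above */`.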
for (i = 0; i < CONFIG_SYS_MAX_FLASH_BANKS; i++) {
/* start address in flash? */
- if (load_addr + offset >= flash_info[i].start[0]) {
+ if (image_load_addr + offset >= flash_info[i].start[0]) {
rc = 1;
break;
}
}
if (rc) { /* Flash is destination for this packet */
- rc = flash_write((uchar *)src, (ulong)(load_addr+offset), len);
+ rc = flash_write((uchar *)src, (ulong)image_load_addr + offset,
+ len);
if (rc) {
flash_perror(rc);
return -1;
} else
#endif /* CONFIG_SYS_DIRECT_FLASH_NFS */
{
- void *ptr = map_sysmem(load_addr + offset, len);
+ void *ptr = map_sysmem(image_load_addr + offset, len);
memcpy(ptr, src, len);
unmap_sysmem(ptr);
rpc_pkt.u.call.vers = htonl(2); /* portmapper is version 2 */
}
rpc_pkt.u.call.proc = htonl(rpc_proc);
- p = (uint32_t *)&(rpc_pkt.u.call.data);
+ p = rpc_pkt.u.call.data;
if (datalen)
- memcpy((char *)p, (char *)data, datalen*sizeof(uint32_t));
+ memcpy(p, data, datalen * sizeof(uint32_t));
pktlen = (char *)p + datalen * sizeof(uint32_t) - (char *)&rpc_pkt;
}
if (supported_nfs_versions & NFSV2_FLAG) {
+ if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + NFS_FHSIZE) > len)
+ return -NFS_RPC_DROP;
memcpy(filefh, rpc_pkt.u.reply.data + 1, NFS_FHSIZE);
} else { /* NFSV3_FLAG */
filefh3_length = ntohl(rpc_pkt.u.reply.data[1]);
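Review bot: The new NFSv2 bound check measures from `data[0]`, but the `memcpy` on the next line copies from `data + 1`, so a reply can pass the check while the last four bytes of the handle lie beyond `len`. Basing the check on the element actually read closes that gap: `if (((uchar *)&rpc_pkt.u.reply.data[1] - (uchar *)&rpc_pkt + NFS_FHSIZE) > len)`. The same pattern recurs in the readlink check (path read from `data[2 + nfsv3_data_offset]`) and the read-reply check (payload at `data[4 + nfsv3_data_offset]`), both still measured from `data[0]`. The NFSv3 branch reads `data[1]` with no length check in view, and the rest of that branch lies outside the hunk.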
static int nfs3_get_attributes_offset(uint32_t *data)
{
- if (ntohl(data[1]) != 0) {
+ if (data[1]) {
/* 'attributes_follow' flag is TRUE,
* so we have attributes on 21 dwords */
/* Skip unused values :
/* new path length */
rlen = ntohl(rpc_pkt.u.reply.data[1 + nfsv3_data_offset]);
+ if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + rlen) > len)
+ return -NFS_RPC_DROP;
+
if (*((char *)&(rpc_pkt.u.reply.data[2 + nfsv3_data_offset])) != '/') {
int pathlen;
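Review bot: `rlen` is taken straight from the reply, and the added check only bounds it from above against `len`. Its declaration is outside the hunk, but if it is a signed `int`, a negative value shrinks the sum, and on builds where `ptrdiff_t` is wider than `len` the comparison can pass. Reject that case explicitly, for example by opening the condition with `rlen < 0 ||`, or declare `rlen` unsigned. The copy that consumes `rlen` is also outside the hunk, so confirm that `rlen` is bounded by the size of the destination path buffer and not only by the packet length.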
&(rpc_pkt.u.reply.data[4 + nfsv3_data_offset]);
}
+ if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + rlen) > len)
+ return -9999;
+
if (store_block(data_ptr, nfs_offset, rlen))
return -9999;
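Review bot: The two new length checks return different codes: `-NFS_RPC_DROP` in the readlink hunk and the bare `-9999` here, which is also what the `store_block()` failure just below returns. A truncated or malformed reply therefore cannot be told apart from a write failure. If the caller treats `-NFS_RPC_DROP` as "ignore this packet and keep waiting" (not visible on this page), then `return -NFS_RPC_DROP;` would keep one bad datagram from ending the transfer. Failing that, give `-9999` a named constant alongside `NFS_RPC_ERR` and `NFS_RPC_DROP`.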
} else {
puts("T ");
net_set_timeout_handler(nfs_timeout +
- NFS_TIMEOUT * nfs_timeout_count,
+ nfs_timeout * nfs_timeout_count,
nfs_timeout_handler);
nfs_send();
}
debug("%s\n", __func__);
+ if (len > sizeof(struct rpc_t))
+ return;
+
if (dest != nfs_our_port)
return;
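Review bot: The added guard is an upper bound only; nothing in the hunk rejects a datagram shorter than the RPC reply header, although the reply parsers index fixed fields such as `rpc_pkt.u.reply.data[1]`. A minimum-length test next to it, for instance `if (len < offsetof(struct rpc_t, u.reply.data)) return;`, would make that precondition explicit; check the exact minimum against the struct definition, which is not shown here. The guard also deserves a one-line comment naming the copy it protects, presumably `/* reply parsers copy len bytes into a struct rpc_t */`, though that copy is outside this page. nfs_handler's body continues outside the hunk.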
net_boot_file_expected_size_in_blocks << 9);
print_size(net_boot_file_expected_size_in_blocks << 9, "");
}
- printf("\nLoad address: 0x%lx\nLoading: *\b", load_addr);
+ printf("\nLoad address: 0x%lx\nLoading: *\b", image_load_addr);
net_set_timeout_handler(nfs_timeout, nfs_timeout_handler);
net_set_udp_handler(nfs_handler);