From owner-freebsd-audit  Thu Mar 28  1:26:47 2002
Delivered-To: freebsd-audit@freebsd.org
Received: from melchior.cuivre.fr.eu.org (melchior.enst.fr [137.194.161.6])
	by hub.freebsd.org (Postfix) with ESMTP id F35B937B416
	for <freebsd-audit@freebsd.org>; Thu, 28 Mar 2002 01:26:40 -0800 (PST)
Received: from melusine.cuivre.fr.eu.org (melusine.enst.fr [137.194.160.34])
	by melchior.cuivre.fr.eu.org (Postfix) with ESMTP id 195F27606
	for <freebsd-audit@freebsd.org>; Thu, 28 Mar 2002 10:26:38 +0100 (CET)
Received: by melusine.cuivre.fr.eu.org (Postfix, from userid 1000)
	id E829E2C3D1; Thu, 28 Mar 2002 10:26:37 +0100 (CET)
Date: Thu, 28 Mar 2002 10:26:37 +0100
From: Thomas Quinot <thomas@cuivre.fr.eu.org>
To: freebsd-audit@freebsd.org
Subject: boot2.c deobfuscation
Message-ID: <20020328102637.A842@melusine.cuivre.fr.eu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG

Could others please review the following patch (originally
PR i386/36015, diff updated to reflect the commit of 36016)?

Thanks,
Thomas.

>Fix:
        The following patches clarifies the stream of control at
        the beginning of main() by making autoboot a two-state
        variable (instead of a 3-state), with no functional
        change at all.

        Magical numeric values for ioctrl are replaced with #define'd
        macros.

        Hard-coded tick values for calls to keyhit are replaced
        by static expressions in terms of multiples of a SECOND
        #define. This change introduces a functional difference:
        the first time-out will be 1 tick shorter.

Index: boot2.c
===================================================================
RCS file: /home/ncvs/src/sys/boot/i386/boot2/boot2.c,v
retrieving revision 1.38
diff -u -r1.38 boot2.c
--- boot2.c	23 Mar 2002 19:40:27 -0000	1.38
+++ boot2.c	28 Mar 2002 09:25:42 -0000
@@ -37,6 +37,11 @@
 #include "boot2.h"
 #include "lib.h"
 
+#define IO_KEYBOARD	1
+#define IO_SERIAL	2
+
+#define SECOND		18	/* Circa that many ticks in a second. */
+
 #define RBX_ASKNAME	0x0	/* -a */
 #define RBX_SINGLE	0x1	/* -s */
 #define RBX_DFLTROOT	0x5	/* -r */
@@ -138,7 +143,7 @@
 static struct bootinfo bootinfo;
 static int ls;
 static uint32_t fs_off;
-static uint8_t ioctrl = 0x1;
+static uint8_t ioctrl = IO_KEYBOARD;
 
 void exit(int);
 static void load(const char *);
@@ -281,34 +286,39 @@
     bootinfo.bi_memsizes_valid++;
     for (i = 0; i < N_BIOS_GEOM; i++)
 	bootinfo.bi_bios_geom[i] = drvinfo(i);
-    autoboot = 2;
+
+    /* Process configuration file */
+
+    autoboot = 1;
     readfile(PATH_CONFIG, cmd, sizeof(cmd));
     if (*cmd) {
 	printf("%s: %s", PATH_CONFIG, cmd);
 	if (parse(cmd))
 	    autoboot = 0;
-	*cmd = 0;
     }
-    if (autoboot && !*kname) {
-	if (autoboot == 2) {
-	    memcpy(kname, PATH_BOOT3, sizeof(PATH_BOOT3));
-	    if (!keyhit(0x37)) {
-		load(kname);
-		autoboot = 1;
-	    }
-	}
-	if (autoboot == 1)
+
+    /* Try to exec stage 3 boot loader. If interrupted by a keypress, *
+     * or in case of failure, try to load a kernel directly instaed.  */
+
+    if (autoboot) {
+	memcpy(kname, PATH_BOOT3, sizeof(PATH_BOOT3));
+	if (!keyhit(3 * SECOND)) {
+	    load(kname);
 	    memcpy(kname, PATH_KERNEL, sizeof(PATH_KERNEL));
+	}
     }
+
+    /* Present the user with the boot2 prompt. */
+
     for (;;) {
 	printf(" \n>> FreeBSD/i386 BOOT\n"
 	       "Default: %u:%s(%u,%c)%s\n"
 	       "boot: ",
 	       dsk.drive & DRV_MASK, dev_nm[dsk.type], dsk.unit,
 	       'a' + dsk.part, kname);
-	if (ioctrl & 0x2)
+	if (ioctrl & IO_SERIAL)
 	    sio_flush();
-	if (!autoboot || keyhit(0x5a))
+	if (!autoboot || keyhit(5 * SECOND))
 	    getstr(cmd, sizeof(cmd));
 	else
 	    putchar('\n');
@@ -447,9 +457,9 @@
 		    opts |= 1 << RBX_DUAL | 1 << RBX_SERIAL;
 		opts &= ~(1 << RBX_PROBEKBD);
 	    }
-	    ioctrl = opts & 1 << RBX_DUAL ? 0x3 :
-		     opts & 1 << RBX_SERIAL ? 0x2 : 0x1;
-	    if (ioctrl & 0x2)
+	    ioctrl = opts & 1 << RBX_DUAL ? (IO_SERIAL | IO_KEYBOARD) :
+		     opts & 1 << RBX_SERIAL ? IO_SERIAL : IO_KEYBOARD;
+	    if (ioctrl & IO_SERIAL)
 	        sio_init();
 	} else {
 	    for (q = arg--; *q && *q != '('; q++);
@@ -794,9 +804,9 @@
 static int
 xputc(int c)
 {
-    if (ioctrl & 0x1)
+    if (ioctrl & IO_KEYBOARD)
 	putc(c);
-    if (ioctrl & 0x2)
+    if (ioctrl & IO_SERIAL)
 	sio_putc(c);
     return c;
 }
@@ -807,9 +817,9 @@
     if (opts & 1 << RBX_NOINTR)
 	return 0;
     for (;;) {
-	if (ioctrl & 0x1 && getc(1))
+	if (ioctrl & IO_KEYBOARD && getc(1))
 	    return fn ? 1 : getc(0);
-	if (ioctrl & 0x2 && sio_ischar())
+	if (ioctrl & IO_SERIAL && sio_ischar())
 	    return fn ? 1 : sio_getc();
 	if (fn)
 	    return 0;
-- 
    Thomas.Quinot@Cuivre.FR.EU.ORG

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message