From: razvanm <razvanm>
Date: Tue, 22 Jan 2008 00:40:59 +0000 (+0000)
Subject: Check the image number against the DELUGE_NUM_VOLUMES. The bug was reported by David... 
X-Git-Tag: release_tinyos_2_1_0_0~590
X-Git-Url: https://oss.titaniummirror.com/gitweb/?p=tinyos-2.x.git;a=commitdiff_plain;h=c1a7ccc021805d45c9d62003c6528c744c2742a6

Check the image number against the DELUGE_NUM_VOLUMES. The bug was reported by David "wizzardx".
---

diff --git a/tos/lib/net/Deluge/DelugeManagerP.nc b/tos/lib/net/Deluge/DelugeManagerP.nc
index 3b97e9e5..342d8ca2 100644
--- a/tos/lib/net/Deluge/DelugeManagerP.nc
+++ b/tos/lib/net/Deluge/DelugeManagerP.nc
@@ -90,14 +90,19 @@ implementation
       break;
     case DELUGE_CMD_ONLY_DISSEMINATE:
     case DELUGE_CMD_DISSEMINATE_AND_REPROGRAM:
-      if (call Resource.isOwner() || 
-	  call Resource.immediateRequest() == SUCCESS) {
+      if (request->imgNum < DELUGE_NUM_VOLUMES &&
+	  (call Resource.isOwner() || 
+	   call Resource.immediateRequest() == SUCCESS)) {
 	call DelugeMetadata.read(imgNum2volumeId[request->imgNum]);
       } else {
 	sendReply(FAIL);
       }
       break;
     case DELUGE_CMD_REPROGRAM:
+      if (!(request->imgNum < DELUGE_NUM_VOLUMES)) {
+	sendReply(FAIL);
+	break;
+      }
     case DELUGE_CMD_REBOOT:
       delugeCmd.imgNum = imgNum2volumeId[request->imgNum];
       call DelayTimer.startOneShot(1024);
diff --git a/tos/lib/net/Deluge/FlashVolumeManager/FlashVolumeManagerP.nc b/tos/lib/net/Deluge/FlashVolumeManager/FlashVolumeManagerP.nc
index 657d6795..56558c42 100644
--- a/tos/lib/net/Deluge/FlashVolumeManager/FlashVolumeManagerP.nc
+++ b/tos/lib/net/Deluge/FlashVolumeManager/FlashVolumeManagerP.nc
@@ -186,7 +186,7 @@ implementation
     }
 
     // Converts the image number that the user wants to the real image number
-    imgNum = imgNum2volumeId[request->imgNum];
+    imgNum = request->imgNum < DELUGE_NUM_VOLUMES ? imgNum2volumeId[request->imgNum] : 0xFF;
     
     if (imgNum != 0xFF) {
       error = SUCCESS;