d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix misalignment bugs caused by invalid type casts of pointers

Browse Source 
returned by md_reserve(). Space reserved by mb_reserve() is
byte aligned and need to be used in conjunction with le16enc()
and le32enc().

Tested on: ia64
This commit is contained in:
Marcel Moolenaar 2006-08-22 03:05:51 +00:00
parent c68ea28fe1
commit a6a4232f96
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=161523
4 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/netsmb/smb_crypt.c
View File

@ -241,8 +241,8 @@ smb_rq_sign(struct smb_rq *rqp)
}
/* Initialize sec. signature field to sequence number + zeros. */
*(u_int32_t *)rqp->sr_rqsig = htole32(rqp->sr_seqno);
*(u_int32_t *)(rqp->sr_rqsig + 4) = 0;
le32enc(rqp->sr_rqsig, rqp->sr_seqno);
le32enc(rqp->sr_rqsig + 4, 0);
/*
* Compute HMAC-MD5 of packet data, keyed by MAC key.

4
sys/netsmb/smb_iod.c
View File

@ -244,8 +244,8 @@ smb_iod_sendrq(struct smbiod *iod, struct smb_rq *rqp)
if (vcp->vc_maxmux != 0 && iod->iod_muxcnt >= vcp->vc_maxmux)
return 0;
#endif
*rqp->sr_rqtid = htole16(ssp ? ssp->ss_tid : SMB_TID_UNKNOWN);
*rqp->sr_rquid = htole16(vcp ? vcp->vc_smbuid : 0);
le16enc(rqp->sr_rqtid, ssp ? ssp->ss_tid : SMB_TID_UNKNOWN);
le16enc(rqp->sr_rquid, vcp ? vcp->vc_smbuid : 0);
mb_fixhdr(&rqp->sr_rq);
if (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE)
smb_rq_sign(rqp);

8
sys/netsmb/smb_rq.c
View File

@ -141,9 +141,9 @@ smb_rq_new(struct smb_rq *rqp, u_char cmd)
rqp->sr_rqsig = (u_int8_t *)mb_reserve(mbp, 8);
mb_put_uint16le(mbp, 0);
}
rqp->sr_rqtid = (u_int16_t*)mb_reserve(mbp, sizeof(u_int16_t));
rqp->sr_rqtid = mb_reserve(mbp, sizeof(u_int16_t));
mb_put_uint16le(mbp, 1 /*scred->sc_p->p_pid & 0xffff*/);
rqp->sr_rquid = (u_int16_t*)mb_reserve(mbp, sizeof(u_int16_t));
rqp->sr_rquid = mb_reserve(mbp, sizeof(u_int16_t));
mb_put_uint16le(mbp, rqp->sr_mid);
return 0;
}
@ -239,7 +239,7 @@ smb_rq_wend(struct smb_rq *rqp)
void
smb_rq_bstart(struct smb_rq *rqp)
{
rqp->sr_bcount = (u_short*)mb_reserve(&rqp->sr_rq, sizeof(u_short));
rqp->sr_bcount = mb_reserve(&rqp->sr_rq, sizeof(u_short));
rqp->sr_rq.mb_count = 0;
}
@ -255,7 +255,7 @@ smb_rq_bend(struct smb_rq *rqp)
bcnt = rqp->sr_rq.mb_count;
if (bcnt > 0xffff)
SMBERROR("byte count too large (%d)\n", bcnt);
*rqp->sr_bcount = htole16(bcnt);
le16enc(rqp->sr_bcount, bcnt);
}
int

6
sys/netsmb/smb_rq.h
View File

@ -82,7 +82,7 @@ struct smb_rq {
u_int8_t sr_rqflags;
u_int16_t sr_rqflags2;
u_char * sr_wcount;
u_short * sr_bcount;
void * sr_bcount; /* Points to 2-byte buffer. */
struct mdchain sr_rp;
int sr_rpgen;
int sr_rplast;
@ -95,8 +95,8 @@ struct smb_rq {
struct timespec sr_timesent;
int sr_lerror;
u_int8_t * sr_rqsig;
u_int16_t * sr_rqtid;
u_int16_t * sr_rquid;
void * sr_rqtid; /* Points to 2-byte buffer. */
void * sr_rquid; /* Points to 2-byte buffer. */
u_int8_t sr_errclass;
u_int16_t sr_serror;
u_int32_t sr_error;