From 7fcdc815d2a94de06bd67fdfa52af84a249a12ed Mon Sep 17 00:00:00 2001 From: Dimitry Andric Date: Mon, 29 Aug 2016 19:40:46 +0000 Subject: [PATCH] Avoid undefined behavior when calling va_start() in bnep_send_control(), by making the 'type' parameter a plain unsigned. MFC after: 3 days --- usr.sbin/bluetooth/btpand/bnep.c | 4 ++-- usr.sbin/bluetooth/btpand/btpand.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/usr.sbin/bluetooth/btpand/bnep.c b/usr.sbin/bluetooth/btpand/bnep.c index 4065b1ba8e0c..3a2bc67ebd53 100644 --- a/usr.sbin/bluetooth/btpand/bnep.c +++ b/usr.sbin/bluetooth/btpand/bnep.c @@ -574,7 +574,7 @@ bnep_recv_filter_multi_addr_rsp(channel_t *chan, uint8_t *ptr, size_t size) } void -bnep_send_control(channel_t *chan, uint8_t type, ...) +bnep_send_control(channel_t *chan, unsigned type, ...) { packet_t *pkt; uint8_t *p; @@ -590,7 +590,7 @@ bnep_send_control(channel_t *chan, uint8_t type, ...) va_start(ap, type); *p++ = BNEP_CONTROL; - *p++ = type; + *p++ = (uint8_t)type; switch(type) { case BNEP_CONTROL_COMMAND_NOT_UNDERSTOOD: diff --git a/usr.sbin/bluetooth/btpand/btpand.h b/usr.sbin/bluetooth/btpand/btpand.h index c5f7204ab403..3bcd1f72d41f 100644 --- a/usr.sbin/bluetooth/btpand/btpand.h +++ b/usr.sbin/bluetooth/btpand/btpand.h @@ -183,7 +183,7 @@ b2eaddr(void *dst, bdaddr_t *src) /* bnep.c */ bool bnep_send(channel_t *, packet_t *); bool bnep_recv(packet_t *); -void bnep_send_control(channel_t *, uint8_t, ...); +void bnep_send_control(channel_t *, unsigned, ...); /* channel.c */ void channel_init(void);