Change some variables from int to size_t. This is more accurate since
these variables represent sizes in one capacity or another. There is no reason to allow negative numbers. Change userspace shared structure elements that get used for the modified functions from int to uint32_t, since it's not clear what userspace programs use these fields, and we do not want to break binary compatibility. This fixes a panic when corrupt or bogus data is passed into the kernel. Obtained from: NetBSD MFC after: 3 weeks
This commit is contained in:
parent
3e182d5872
commit
2801f33bda
@ -58,9 +58,9 @@
|
||||
|
||||
struct smbioc_ossn {
|
||||
int ioc_opt;
|
||||
int ioc_svlen; /* size of ioc_server address */
|
||||
uint32_t ioc_svlen; /* size of ioc_server address */
|
||||
struct sockaddr*ioc_server;
|
||||
int ioc_lolen; /* size of ioc_local address */
|
||||
uint32_t ioc_lolen; /* size of ioc_local address */
|
||||
struct sockaddr*ioc_local;
|
||||
char ioc_srvname[SMB_MAXSRVNAMELEN + 1];
|
||||
int ioc_timeout;
|
||||
|
@ -93,7 +93,7 @@ char *
|
||||
smb_strdup(const char *s)
|
||||
{
|
||||
char *p;
|
||||
int len;
|
||||
size_t len;
|
||||
|
||||
len = s ? strlen(s) + 1 : 1;
|
||||
p = malloc(len, M_SMBSTR, M_WAITOK);
|
||||
@ -108,11 +108,13 @@ smb_strdup(const char *s)
|
||||
* duplicate string from a user space.
|
||||
*/
|
||||
char *
|
||||
smb_strdupin(char *s, int maxlen)
|
||||
smb_strdupin(char *s, size_t maxlen)
|
||||
{
|
||||
char *p, bt;
|
||||
int error, len = 0;
|
||||
int error;
|
||||
size_t len;
|
||||
|
||||
len = 0;
|
||||
for (p = s; ;p++) {
|
||||
if (copyin(p, &bt, 1))
|
||||
return NULL;
|
||||
@ -135,7 +137,7 @@ smb_strdupin(char *s, int maxlen)
|
||||
* duplicate memory block from a user space.
|
||||
*/
|
||||
void *
|
||||
smb_memdupin(void *umem, int len)
|
||||
smb_memdupin(void *umem, size_t len)
|
||||
{
|
||||
char *p;
|
||||
|
||||
@ -178,7 +180,7 @@ smb_memfree(void *s)
|
||||
}
|
||||
|
||||
void *
|
||||
smb_zmalloc(unsigned long size, struct malloc_type *type, int flags)
|
||||
smb_zmalloc(size_t size, struct malloc_type *type, int flags)
|
||||
{
|
||||
|
||||
return malloc(size, type, flags | M_ZERO);
|
||||
@ -197,12 +199,12 @@ smb_strtouni(u_int16_t *dst, const char *src)
|
||||
void
|
||||
m_dumpm(struct mbuf *m) {
|
||||
char *p;
|
||||
int len;
|
||||
size_t len;
|
||||
printf("d=");
|
||||
while(m) {
|
||||
p=mtod(m,char *);
|
||||
len=m->m_len;
|
||||
printf("(%d)",len);
|
||||
printf("(%zu)",len);
|
||||
while(len--){
|
||||
printf("%02x ",((int)*(p++)) & 0xff);
|
||||
}
|
||||
@ -337,7 +339,7 @@ smb_copy_iconv(struct mbchain *mbp, c_caddr_t src, caddr_t dst,
|
||||
|
||||
int
|
||||
smb_put_dmem(struct mbchain *mbp, struct smb_vc *vcp, const char *src,
|
||||
int size, int caseopt)
|
||||
size_t size, int caseopt)
|
||||
{
|
||||
struct iconv_drv *dp = vcp->vc_toserver;
|
||||
|
||||
|
@ -101,19 +101,19 @@ void smb_makescred(struct smb_cred *scred, struct thread *td, struct ucred *cred
|
||||
int smb_td_intr(struct thread *);
|
||||
char *smb_strdup(const char *s);
|
||||
void *smb_memdup(const void *umem, int len);
|
||||
char *smb_strdupin(char *s, int maxlen);
|
||||
void *smb_memdupin(void *umem, int len);
|
||||
char *smb_strdupin(char *s, size_t maxlen);
|
||||
void *smb_memdupin(void *umem, size_t len);
|
||||
void smb_strtouni(u_int16_t *dst, const char *src);
|
||||
void smb_strfree(char *s);
|
||||
void smb_memfree(void *s);
|
||||
void *smb_zmalloc(unsigned long size, struct malloc_type *type, int flags);
|
||||
void *smb_zmalloc(size_t size, struct malloc_type *type, int flags);
|
||||
|
||||
int smb_calcmackey(struct smb_vc *vcp);
|
||||
int smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN);
|
||||
int smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN);
|
||||
int smb_maperror(int eclass, int eno);
|
||||
int smb_put_dmem(struct mbchain *mbp, struct smb_vc *vcp,
|
||||
const char *src, int len, int caseopt);
|
||||
const char *src, size_t len, int caseopt);
|
||||
int smb_put_dstring(struct mbchain *mbp, struct smb_vc *vcp,
|
||||
const char *src, int caseopt);
|
||||
int smb_put_string(struct smb_rq *rqp, const char *src);
|
||||
|
Loading…
Reference in New Issue
Block a user