Change some variables from int to size_t. This is more accurate since

these variables represent sizes in one capacity or another.  There is
no reason to allow negative numbers.  Change userspace shared structure
elements that get used for the modified functions from int to uint32_t,
since it's not clear what userspace programs use these fields, and we
do not want to break binary compatibility.  This fixes a panic when
corrupt or bogus data is passed into the kernel.

Obtained from:	NetBSD
MFC after:	3 weeks
This commit is contained in:
Christian S.J. Peron 2011-01-08 23:06:54 +00:00
parent e0b71bf2a4
commit a67b22d67f
3 changed files with 16 additions and 14 deletions

View File

@ -58,9 +58,9 @@
struct smbioc_ossn {
int ioc_opt;
int ioc_svlen; /* size of ioc_server address */
uint32_t ioc_svlen; /* size of ioc_server address */
struct sockaddr*ioc_server;
int ioc_lolen; /* size of ioc_local address */
uint32_t ioc_lolen; /* size of ioc_local address */
struct sockaddr*ioc_local;
char ioc_srvname[SMB_MAXSRVNAMELEN + 1];
int ioc_timeout;

View File

@ -93,7 +93,7 @@ char *
smb_strdup(const char *s)
{
char *p;
int len;
size_t len;
len = s ? strlen(s) + 1 : 1;
p = malloc(len, M_SMBSTR, M_WAITOK);
@ -108,11 +108,13 @@ smb_strdup(const char *s)
* duplicate string from a user space.
*/
char *
smb_strdupin(char *s, int maxlen)
smb_strdupin(char *s, size_t maxlen)
{
char *p, bt;
int error, len = 0;
int error;
size_t len;
len = 0;
for (p = s; ;p++) {
if (copyin(p, &bt, 1))
return NULL;
@ -135,7 +137,7 @@ smb_strdupin(char *s, int maxlen)
* duplicate memory block from a user space.
*/
void *
smb_memdupin(void *umem, int len)
smb_memdupin(void *umem, size_t len)
{
char *p;
@ -178,7 +180,7 @@ smb_memfree(void *s)
}
void *
smb_zmalloc(unsigned long size, struct malloc_type *type, int flags)
smb_zmalloc(size_t size, struct malloc_type *type, int flags)
{
return malloc(size, type, flags | M_ZERO);
@ -197,12 +199,12 @@ smb_strtouni(u_int16_t *dst, const char *src)
void
m_dumpm(struct mbuf *m) {
char *p;
int len;
size_t len;
printf("d=");
while(m) {
p=mtod(m,char *);
len=m->m_len;
printf("(%d)",len);
printf("(%zu)",len);
while(len--){
printf("%02x ",((int)*(p++)) & 0xff);
}
@ -337,7 +339,7 @@ smb_copy_iconv(struct mbchain *mbp, c_caddr_t src, caddr_t dst,
int
smb_put_dmem(struct mbchain *mbp, struct smb_vc *vcp, const char *src,
int size, int caseopt)
size_t size, int caseopt)
{
struct iconv_drv *dp = vcp->vc_toserver;

View File

@ -101,19 +101,19 @@ void smb_makescred(struct smb_cred *scred, struct thread *td, struct ucred *cred
int smb_td_intr(struct thread *);
char *smb_strdup(const char *s);
void *smb_memdup(const void *umem, int len);
char *smb_strdupin(char *s, int maxlen);
void *smb_memdupin(void *umem, int len);
char *smb_strdupin(char *s, size_t maxlen);
void *smb_memdupin(void *umem, size_t len);
void smb_strtouni(u_int16_t *dst, const char *src);
void smb_strfree(char *s);
void smb_memfree(void *s);
void *smb_zmalloc(unsigned long size, struct malloc_type *type, int flags);
void *smb_zmalloc(size_t size, struct malloc_type *type, int flags);
int smb_calcmackey(struct smb_vc *vcp);
int smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN);
int smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN);
int smb_maperror(int eclass, int eno);
int smb_put_dmem(struct mbchain *mbp, struct smb_vc *vcp,
const char *src, int len, int caseopt);
const char *src, size_t len, int caseopt);
int smb_put_dstring(struct mbchain *mbp, struct smb_vc *vcp,
const char *src, int caseopt);
int smb_put_string(struct smb_rq *rqp, const char *src);