Source-Changes-HG archive
[src/trunk]: src/sys/net Make fields in ioctl parameters that are not allowed...
details: https://anonhg.NetBSD.org/src/rev/d8b6ecfe2f23
branches: trunk
changeset: 520746:d8b6ecfe2f23
user: martin <martin%NetBSD.org@localhost>
date: Tue Jan 15 12:28:08 2002 +0000
description:
Make fields in ioctl parameters that are not allowed to be negative u_ints.
Better range & sanity checking for ioctl arguments (thanks, Jaromir!)
diffstat:
sys/net/if_sppp.h | 18 ++++++------
sys/net/if_spppsubr.c | 76 ++++++++++++++++++++++++++++++++++++--------------
2 files changed, 63 insertions(+), 31 deletions(-)
diffs (155 lines):
diff -r 45b76dd7c7f3 -r d8b6ecfe2f23 sys/net/if_sppp.h
--- a/sys/net/if_sppp.h Tue Jan 15 12:10:50 2002 +0000
+++ b/sys/net/if_sppp.h Tue Jan 15 12:28:08 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_sppp.h,v 1.14 2002/01/07 10:49:02 martin Exp $ */
+/* $NetBSD: if_sppp.h,v 1.15 2002/01/15 12:28:08 martin Exp $ */
/*
* Copyright (c) 2002 Martin Husemann. All rights reserved.
@@ -38,14 +38,14 @@
struct spppauthcfg {
char ifname[IFNAMSIZ]; /* pppoe interface name */
- int hisauth; /* one of SPPP_AUTHPROTO_* above */
- int myauth; /* one of SPPP_AUTHPROTO_* above */
- int myname_length; /* includes terminating 0 */
- int mysecret_length; /* includes terminating 0 */
- int hisname_length; /* includes terminating 0 */
- int hissecret_length; /* includes terminating 0 */
- int myauthflags;
- int hisauthflags;
+ u_int hisauth; /* one of SPPP_AUTHPROTO_* above */
+ u_int myauth; /* one of SPPP_AUTHPROTO_* above */
+ u_int myname_length; /* includes terminating 0 */
+ u_int mysecret_length; /* includes terminating 0 */
+ u_int hisname_length; /* includes terminating 0 */
+ u_int hissecret_length; /* includes terminating 0 */
+ u_int myauthflags;
+ u_int hisauthflags;
char *myname;
char *mysecret;
char *hisname;
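Review bot: The comments on the four `*_length` fields still say only "includes terminating 0", but the set handler in if_spppsubr.c now rejects any length of MCLBYTES or more with ENAMETOOLONG. Documenting that bound in the header, where callers of the ioctl will see it, would save them from finding it by trial, e.g. `u_int myname_length; /* includes terminating 0, must be < MCLBYTES */` on each of the four fields. The struct continues past the end of this hunk.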
diff -r 45b76dd7c7f3 -r d8b6ecfe2f23 sys/net/if_spppsubr.c
--- a/sys/net/if_spppsubr.c Tue Jan 15 12:10:50 2002 +0000
+++ b/sys/net/if_spppsubr.c Tue Jan 15 12:28:08 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_spppsubr.c,v 1.40 2002/01/14 07:39:14 martin Exp $ */
+/* $NetBSD: if_spppsubr.c,v 1.41 2002/01/15 12:28:08 martin Exp $ */
/*
* Synchronous PPP/Cisco link level subroutines.
@@ -28,7 +28,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.40 2002/01/14 07:39:14 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.41 2002/01/15 12:28:08 martin Exp $");
#include "opt_inet.h"
#include "opt_ipx.h"
@@ -4923,23 +4923,31 @@
if (sp->myauth.name != NULL)
cfg->myname_length = strlen(sp->myauth.name)+1;
} else {
- int rv;
- size_t len = strlen(sp->myauth.name);
- if (cfg->myname_length < len+1)
- return ENAMETOOLONG;
- rv = copyout(sp->myauth.name, cfg->myname, len);
- if (rv) return rv;
+ if (sp->myauth.name == NULL) {
+ cfg->myname_length = 0;
+ } else {
+ int rv;
+ size_t len = strlen(sp->myauth.name)+1;
+ if (cfg->myname_length < len)
+ return ENAMETOOLONG;
+ rv = copyout(sp->myauth.name, cfg->myname, len);
+ if (rv) return rv;
+ }
}
if (cfg->hisname_length == 0) {
if(sp->hisauth.name != NULL)
cfg->hisname_length = strlen(sp->hisauth.name)+1;
} else {
- int rv;
- size_t len = strlen(sp->hisauth.name);
- if (cfg->hisname_length < len+1)
- return ENAMETOOLONG;
- rv = copyout(sp->hisauth.name, cfg->hisname, len);
- if (rv) return rv;
+ if (sp->hisauth.name == NULL) {
+ cfg->hisname_length = 0;
+ } else {
+ int rv;
+ size_t len = strlen(sp->hisauth.name)+1;
+ if (cfg->hisname_length < len)
+ return ENAMETOOLONG;
+ rv = copyout(sp->hisauth.name, cfg->hisname, len);
+ if (rv) return rv;
+ }
}
}
break;
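Review bot: After a successful `copyout` in the two inner `else` branches, `cfg->myname_length` and `cfg->hisname_length` keep the buffer size the caller passed in rather than the number of bytes written. The returned structure therefore reports the real length only on the probe path (length 0) and the new NULL path. Writing `cfg->myname_length = len;` after the copyout, and the same for `hisname_length`, would make all three paths report the same thing. The enclosing case begins before this hunk, so whether later code relies on the untouched value cannot be seen here.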
@@ -4957,28 +4965,52 @@
if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF);
sp->hisauth.secret = NULL;
- if (cfg->hisname != NULL && cfg->hisname_length) {
+ if (cfg->hisname != NULL && cfg->hisname_length > 0) {
+ if (cfg->hisname_length >= MCLBYTES)
+ return ENAMETOOLONG;
sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK);
rv = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length);
- if (rv) return rv;
+ if (rv) {
+ free(sp->hisauth.name, M_DEVBUF);
+ sp->hisauth.name = NULL;
+ return rv;
+ }
sp->hisauth.name[cfg->hisname_length-1] = 0;
}
- if (cfg->hissecret != NULL && cfg->hissecret_length) {
+ if (cfg->hissecret != NULL && cfg->hissecret_length > 0) {
+ if (cfg->hissecret_length >= MCLBYTES)
+ return ENAMETOOLONG;
sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK);
rv = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length);
- if (rv) return rv;
+ if (rv) {
+ free(sp->hisauth.secret, M_DEVBUF);
+ sp->hisauth.secret = NULL;
+ return rv;
+ }
sp->hisauth.secret[cfg->hisname_length-1] = 0;
}
- if (cfg->myname != NULL && cfg->myname_length) {
+ if (cfg->myname != NULL && cfg->myname_length > 0) {
+ if (cfg->myname_length >= MCLBYTES)
+ return ENAMETOOLONG;
sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK);
rv = copyin(cfg->myname, sp->myauth.name, cfg->myname_length);
- if (rv) return rv;
+ if (rv) {
+ free(sp->myauth.name, M_DEVBUF);
+ sp->myauth.name = NULL;
+ return rv;
+ }
sp->myauth.name[cfg->myname_length-1] = 0;
}
- if (cfg->mysecret != NULL && cfg->mysecret_length) {
+ if (cfg->mysecret != NULL && cfg->mysecret_length > 0) {
+ if (cfg->mysecret_length >= MCLBYTES)
+ return ENAMETOOLONG;
sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK);
rv = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length);
- if (rv) return rv;
+ if (rv) {
+ free(sp->myauth.secret, M_DEVBUF);
+ sp->myauth.secret = NULL;
+ return rv;
+ }
sp->myauth.secret[cfg->myname_length-1] = 0;
}
sp->myauth.flags = cfg->myauthflags;
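Review bot: The two secret buffers are still NUL-terminated with the name length as index: `sp->hisauth.secret[cfg->hisname_length-1] = 0;` and `sp->myauth.secret[cfg->myname_length-1] = 0;`. The buffers are allocated with `hissecret_length` and `mysecret_length`, so when the lengths differ the zero byte lands outside the allocation or the secret is left unterminated. The name length is only range-checked when the matching name pointer is non-NULL, so a zero or oversized value reaches this index unchecked, and a zero wraps around now that the fields are `u_int`. The lines should read `sp->hisauth.secret[cfg->hissecret_length-1] = 0;` and `sp->myauth.secret[cfg->mysecret_length-1] = 0;`. Separately, the new ENAMETOOLONG returns fire after earlier fields have been freed or replaced, which leaves the configuration half-updated; checking all four lengths before the first `free` would avoid that, though the start of this case is outside the hunk.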