authorTilman Schmidt <tilman@imap.cc>2014-10-11 07:46:30 -0400
committerDavid S. Miller <davem@davemloft.net>2014-10-14 15:05:35 -0400
commit2bf3a09ea51f807d78d48d0ebc591b9e1502a743 (patch)
tree40c6cdd92de50e053f80d83617ae119d1f7d9338 /drivers/isdn/gigaset
parent5510ab18048397193ae073d6b0d4ea78ff0170f5 (diff)
isdn/capi: handle CAPI 2.0 message parser failures
Have callers of capi_cmsg2message and capi_message2cmsg handle non-zero return values indicating failure. Signed-off-by: Tilman Schmidt <tilman@imap.cc> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/isdn/gigaset')
-rw-r--r--drivers/isdn/gigaset/capi.c148
1 files changed, 125 insertions, 23 deletions
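diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c
index 47e2a913a6ef..ccec7778cad2 100644
--- a/drivers/isdn/gigaset/capi.c
+++ b/drivers/isdn/gigaset/capi.c
@@ -647,7 +647,13 @@ int gigaset_isdn_icall(struct at_state_t *at_state)
 __func__);
 break;
 }
-capi_cmsg2message(&iif->hcmsg, __skb_put(skb, msgsize));
+if (capi_cmsg2message(&iif->hcmsg,
+__skb_put(skb, msgsize))) {
+dev_err(cs->dev, "%s: message parser failure\n",
+__func__);
+dev_kfree_skb_any(skb);
+break;
+}
 dump_cmsg(DEBUG_CMD, __func__, &iif->hcmsg);
 
 /* add to listeners on this B channel, update state */
@@ -693,7 +699,12 @@ static void send_disconnect_ind(struct bc_state *bcs,
 dev_err(cs->dev, "%s: out of memory\n", __func__);
 return;
 }
-capi_cmsg2message(&iif->hcmsg, __skb_put(skb, CAPI_DISCONNECT_IND_LEN));
+if (capi_cmsg2message(&iif->hcmsg,
+__skb_put(skb, CAPI_DISCONNECT_IND_LEN))) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, &iif->hcmsg);
 capi_ctr_handle_message(&iif->ctr, ap->id, skb);
 }
@@ -723,8 +734,12 @@ static void send_disconnect_b3_ind(struct bc_state *bcs,
 dev_err(cs->dev, "%s: out of memory\n", __func__);
 return;
 }
-capi_cmsg2message(&iif->hcmsg,
-__skb_put(skb, CAPI_DISCONNECT_B3_IND_BASELEN));
+if (capi_cmsg2message(&iif->hcmsg,
+__skb_put(skb, CAPI_DISCONNECT_B3_IND_BASELEN))) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, &iif->hcmsg);
 capi_ctr_handle_message(&iif->ctr, ap->id, skb);
 }
@@ -789,7 +804,11 @@ void gigaset_isdn_connD(struct bc_state *bcs)
 dev_err(cs->dev, "%s: out of memory\n", __func__);
 return;
 }
-capi_cmsg2message(&iif->hcmsg, __skb_put(skb, msgsize));
+if (capi_cmsg2message(&iif->hcmsg, __skb_put(skb, msgsize))) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, &iif->hcmsg);
 capi_ctr_handle_message(&iif->ctr, ap->id, skb);
 }
@@ -889,7 +908,11 @@ void gigaset_isdn_connB(struct bc_state *bcs)
 dev_err(cs->dev, "%s: out of memory\n", __func__);
 return;
 }
-capi_cmsg2message(&iif->hcmsg, __skb_put(skb, msgsize));
+if (capi_cmsg2message(&iif->hcmsg, __skb_put(skb, msgsize))) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, &iif->hcmsg);
 capi_ctr_handle_message(&iif->ctr, ap->id, skb);
 }
@@ -1096,13 +1119,19 @@ static void send_conf(struct gigaset_capi_ctr *iif,
 struct sk_buff *skb,
 u16 info)
 {
+struct cardstate *cs = iif->ctr.driverdata;
+
 /*
 * _CONF replies always only have NCCI and Info parameters
 * so they'll fit into the _REQ message skb
 */
 capi_cmsg_answer(&iif->acmsg);
 iif->acmsg.Info = info;
-capi_cmsg2message(&iif->acmsg, skb->data);
+if (capi_cmsg2message(&iif->acmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 __skb_trim(skb, CAPI_STDCONF_LEN);
 dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
 capi_ctr_handle_message(&iif->ctr, ap->id, skb);
@@ -1124,7 +1153,11 @@ static void do_facility_req(struct gigaset_capi_ctr *iif,
 static u8 confparam[10]; /* max. 9 octets + length byte */
 
 /* decode message */
-capi_message2cmsg(cmsg, skb->data);
+if (capi_message2cmsg(cmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, cmsg);
 
 /*
@@ -1223,6 +1256,7 @@ static void do_facility_req(struct gigaset_capi_ctr *iif,
 }
 
 /* send FACILITY_CONF with given Info and confirmation parameter */
+dev_kfree_skb_any(skb);
 capi_cmsg_answer(cmsg);
 cmsg->Info = info;
 cmsg->FacilityConfirmationParameter = confparam;
@@ -1232,7 +1266,11 @@ static void do_facility_req(struct gigaset_capi_ctr *iif,
 dev_err(cs->dev, "%s: out of memory\n", __func__);
 return;
 }
-capi_cmsg2message(cmsg, __skb_put(cskb, msgsize));
+if (capi_cmsg2message(cmsg, __skb_put(cskb, msgsize))) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(cskb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, cmsg);
 capi_ctr_handle_message(&iif->ctr, ap->id, cskb);
 }
@@ -1246,8 +1284,14 @@ static void do_listen_req(struct gigaset_capi_ctr *iif,
 struct gigaset_capi_appl *ap,
 struct sk_buff *skb)
 {
+struct cardstate *cs = iif->ctr.driverdata;
+
 /* decode message */
-capi_message2cmsg(&iif->acmsg, skb->data);
+if (capi_message2cmsg(&iif->acmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
 
 /* store listening parameters */
@@ -1264,8 +1308,14 @@ static void do_alert_req(struct gigaset_capi_ctr *iif,
 struct gigaset_capi_appl *ap,
 struct sk_buff *skb)
 {
+struct cardstate *cs = iif->ctr.driverdata;
+
 /* decode message */
-capi_message2cmsg(&iif->acmsg, skb->data);
+if (capi_message2cmsg(&iif->acmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
 send_conf(iif, ap, skb, CapiAlertAlreadySent);
 }
@@ -1290,7 +1340,11 @@ static void do_connect_req(struct gigaset_capi_ctr *iif,
 u16 info;
 
 /* decode message */
-capi_message2cmsg(cmsg, skb->data);
+if (capi_message2cmsg(cmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, cmsg);
 
 /* get free B channel & construct PLCI */
@@ -1577,7 +1631,11 @@ static void do_connect_resp(struct gigaset_capi_ctr *iif,
 int channel;
 
 /* decode message */
-capi_message2cmsg(cmsg, skb->data);
+if (capi_message2cmsg(cmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, cmsg);
 dev_kfree_skb_any(skb);
 
@@ -1743,7 +1801,11 @@ static void do_connect_b3_req(struct gigaset_capi_ctr *iif,
 int channel;
 
 /* decode message */
-capi_message2cmsg(cmsg, skb->data);
+if (capi_message2cmsg(cmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, cmsg);
 
 /* extract and check channel number from PLCI */
@@ -1788,7 +1850,11 @@ static void do_connect_b3_resp(struct gigaset_capi_ctr *iif,
 u8 command;
 
 /* decode message */
-capi_message2cmsg(cmsg, skb->data);
+if (capi_message2cmsg(cmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, cmsg);
 
 /* extract and check channel number and NCCI */
@@ -1828,7 +1894,11 @@ static void do_connect_b3_resp(struct gigaset_capi_ctr *iif,
 capi_cmsg_header(cmsg, ap->id, command, CAPI_IND,
 ap->nextMessageNumber++, cmsg->adr.adrNCCI);
 __skb_trim(skb, msgsize);
-capi_cmsg2message(cmsg, skb->data);
+if (capi_cmsg2message(cmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, cmsg);
 capi_ctr_handle_message(&iif->ctr, ap->id, skb);
 }
@@ -1850,7 +1920,11 @@ static void do_disconnect_req(struct gigaset_capi_ctr *iif,
 int channel;
 
 /* decode message */
-capi_message2cmsg(cmsg, skb->data);
+if (capi_message2cmsg(cmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, cmsg);
 
 /* extract and check channel number from PLCI */
@@ -1906,8 +1980,14 @@ static void do_disconnect_req(struct gigaset_capi_ctr *iif,
 kfree(b3cmsg);
 return;
 }
-capi_cmsg2message(b3cmsg,
-__skb_put(b3skb, CAPI_DISCONNECT_B3_IND_BASELEN));
+if (capi_cmsg2message(b3cmsg,
+__skb_put(b3skb, CAPI_DISCONNECT_B3_IND_BASELEN))) {
+dev_err(cs->dev, "%s: message parser failure\n",
+__func__);
+kfree(b3cmsg);
+dev_kfree_skb_any(b3skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, b3cmsg);
 kfree(b3cmsg);
 capi_ctr_handle_message(&iif->ctr, ap->id, b3skb);
@@ -1938,7 +2018,11 @@ static void do_disconnect_b3_req(struct gigaset_capi_ctr *iif,
 int channel;
 
 /* decode message */
-capi_message2cmsg(cmsg, skb->data);
+if (capi_message2cmsg(cmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, cmsg);
 
 /* extract and check channel number and NCCI */
@@ -2055,8 +2139,14 @@ static void do_reset_b3_req(struct gigaset_capi_ctr *iif,
 struct gigaset_capi_appl *ap,
 struct sk_buff *skb)
 {
+struct cardstate *cs = iif->ctr.driverdata;
+
 /* decode message */
-capi_message2cmsg(&iif->acmsg, skb->data);
+if (capi_message2cmsg(&iif->acmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
 send_conf(iif, ap, skb,
 CapiResetProcedureNotSupportedByCurrentProtocol);
@@ -2069,8 +2159,14 @@ static void do_unsupported(struct gigaset_capi_ctr *iif,
 struct gigaset_capi_appl *ap,
 struct sk_buff *skb)
 {
+struct cardstate *cs = iif->ctr.driverdata;
+
 /* decode message */
-capi_message2cmsg(&iif->acmsg, skb->data);
+if (capi_message2cmsg(&iif->acmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
 send_conf(iif, ap, skb, CapiMessageNotSupportedInCurrentState);
 }
@@ -2082,8 +2178,14 @@ static void do_nothing(struct gigaset_capi_ctr *iif,
 struct gigaset_capi_appl *ap,
 struct sk_buff *skb)
 {
+struct cardstate *cs = iif->ctr.driverdata;
+
 /* decode message */
-capi_message2cmsg(&iif->acmsg, skb->data);
+if (capi_message2cmsg(&iif->acmsg, skb->data)) {
+dev_err(cs->dev, "%s: message parser failure\n", __func__);
+dev_kfree_skb_any(skb);
+return;
+}
 dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
 dev_kfree_skb_any(skb);
 }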
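Review bot: In the second do_disconnect_req hunk (new lines 1983-1990), the added failure path frees `b3cmsg` and `b3skb` but returns without releasing the request `skb`, while the decode-failure path added earlier in the same function (new lines 1923-1927) does call `dev_kfree_skb_any(skb)` before returning. If the function still owns `skb` at that point, as the other added paths suggest, each encoder failure leaks one buffer; adding `dev_kfree_skb_any(skb);` before the `return;` would close that. The function body starts and ends outside the hunk, so ownership of `skb` there should be confirmed against the full source. Separately, the `dev_err` calls on the `capi_message2cmsg` failure paths appear to be reachable from application-supplied messages, so `dev_err_ratelimited` would keep repeated malformed input from flooding the kernel log.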