diff options
author | Latchesar Ionkov <lucho@ionkov.net> | 2005-09-23 00:43:48 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-09-23 01:17:33 -0400 |
commit | d06a8fb130085c9f61e4c1a40445163087ecf89f (patch) | |
tree | c98595f83201adcd791ef9d3509aa1f157f3dfa2 | |
parent | 89559a6119e9779c732fdc7aef5e175bf090dd69 (diff) |
[PATCH] v9fs: make conv functions to check for conv buffer overflow
buf_check_size function checks if the conv buffer has enough space for the
performed operation, but it doesn't return the result back to the calling
function, only logs an error in the log.
The report-back-error functionality was lost when buf_check_size was
converted from macro to inline function. The return in the macro used to
exit from the functions that include it, after the conversion it just exits
from the inline function itself.
The patch makes buf_check_size to return flag and all functions that use
it check if they should perform the operation, or exit.
Signed-off-by: Latchesar Ionkov <lucho@ionkov.net>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | fs/9p/conv.c | 155 |
1 files changed, 85 insertions, 70 deletions
diff --git a/fs/9p/conv.c b/fs/9p/conv.c index 1554731bd653..ac2241db2493 100644 --- a/fs/9p/conv.c +++ b/fs/9p/conv.c | |||
@@ -3,6 +3,7 @@ | |||
3 | * | 3 | * |
4 | * 9P protocol conversion functions | 4 | * 9P protocol conversion functions |
5 | * | 5 | * |
6 | * Copyright (C) 2004, 2005 by Latchesar Ionkov <lucho@ionkov.net> | ||
6 | * Copyright (C) 2004 by Eric Van Hensbergen <ericvh@gmail.com> | 7 | * Copyright (C) 2004 by Eric Van Hensbergen <ericvh@gmail.com> |
7 | * Copyright (C) 2002 by Ron Minnich <rminnich@lanl.gov> | 8 | * Copyright (C) 2002 by Ron Minnich <rminnich@lanl.gov> |
8 | * | 9 | * |
@@ -55,66 +56,70 @@ static inline int buf_check_overflow(struct cbuf *buf) | |||
55 | return buf->p > buf->ep; | 56 | return buf->p > buf->ep; |
56 | } | 57 | } |
57 | 58 | ||
58 | static inline void buf_check_size(struct cbuf *buf, int len) | 59 | static inline int buf_check_size(struct cbuf *buf, int len) |
59 | { | 60 | { |
60 | if (buf->p+len > buf->ep) { | 61 | if (buf->p+len > buf->ep) { |
61 | if (buf->p < buf->ep) { | 62 | if (buf->p < buf->ep) { |
62 | eprintk(KERN_ERR, "buffer overflow\n"); | 63 | eprintk(KERN_ERR, "buffer overflow\n"); |
63 | buf->p = buf->ep + 1; | 64 | buf->p = buf->ep + 1; |
65 | return 0; | ||
64 | } | 66 | } |
65 | } | 67 | } |
68 | |||
69 | return 1; | ||
66 | } | 70 | } |
67 | 71 | ||
68 | static inline void *buf_alloc(struct cbuf *buf, int len) | 72 | static inline void *buf_alloc(struct cbuf *buf, int len) |
69 | { | 73 | { |
70 | void *ret = NULL; | 74 | void *ret = NULL; |
71 | 75 | ||
72 | buf_check_size(buf, len); | 76 | if (buf_check_size(buf, len)) { |
73 | ret = buf->p; | 77 | ret = buf->p; |
74 | buf->p += len; | 78 | buf->p += len; |
79 | } | ||
75 | 80 | ||
76 | return ret; | 81 | return ret; |
77 | } | 82 | } |
78 | 83 | ||
79 | static inline void buf_put_int8(struct cbuf *buf, u8 val) | 84 | static inline void buf_put_int8(struct cbuf *buf, u8 val) |
80 | { | 85 | { |
81 | buf_check_size(buf, 1); | 86 | if (buf_check_size(buf, 1)) { |
82 | 87 | buf->p[0] = val; | |
83 | buf->p[0] = val; | 88 | buf->p++; |
84 | buf->p++; | 89 | } |
85 | } | 90 | } |
86 | 91 | ||
87 | static inline void buf_put_int16(struct cbuf *buf, u16 val) | 92 | static inline void buf_put_int16(struct cbuf *buf, u16 val) |
88 | { | 93 | { |
89 | buf_check_size(buf, 2); | 94 | if (buf_check_size(buf, 2)) { |
90 | 95 | *(__le16 *) buf->p = cpu_to_le16(val); | |
91 | *(__le16 *) buf->p = cpu_to_le16(val); | 96 | buf->p += 2; |
92 | buf->p += 2; | 97 | } |
93 | } | 98 | } |
94 | 99 | ||
95 | static inline void buf_put_int32(struct cbuf *buf, u32 val) | 100 | static inline void buf_put_int32(struct cbuf *buf, u32 val) |
96 | { | 101 | { |
97 | buf_check_size(buf, 4); | 102 | if (buf_check_size(buf, 4)) { |
98 | 103 | *(__le32 *)buf->p = cpu_to_le32(val); | |
99 | *(__le32 *)buf->p = cpu_to_le32(val); | 104 | buf->p += 4; |
100 | buf->p += 4; | 105 | } |
101 | } | 106 | } |
102 | 107 | ||
103 | static inline void buf_put_int64(struct cbuf *buf, u64 val) | 108 | static inline void buf_put_int64(struct cbuf *buf, u64 val) |
104 | { | 109 | { |
105 | buf_check_size(buf, 8); | 110 | if (buf_check_size(buf, 8)) { |
106 | 111 | *(__le64 *)buf->p = cpu_to_le64(val); | |
107 | *(__le64 *)buf->p = cpu_to_le64(val); | 112 | buf->p += 8; |
108 | buf->p += 8; | 113 | } |
109 | } | 114 | } |
110 | 115 | ||
111 | static inline void buf_put_stringn(struct cbuf *buf, const char *s, u16 slen) | 116 | static inline void buf_put_stringn(struct cbuf *buf, const char *s, u16 slen) |
112 | { | 117 | { |
113 | buf_check_size(buf, slen + 2); | 118 | if (buf_check_size(buf, slen + 2)) { |
114 | 119 | buf_put_int16(buf, slen); | |
115 | buf_put_int16(buf, slen); | 120 | memcpy(buf->p, s, slen); |
116 | memcpy(buf->p, s, slen); | 121 | buf->p += slen; |
117 | buf->p += slen; | 122 | } |
118 | } | 123 | } |
119 | 124 | ||
120 | static inline void buf_put_string(struct cbuf *buf, const char *s) | 125 | static inline void buf_put_string(struct cbuf *buf, const char *s) |
@@ -124,20 +129,20 @@ static inline void buf_put_string(struct cbuf *buf, const char *s) | |||
124 | 129 | ||
125 | static inline void buf_put_data(struct cbuf *buf, void *data, u32 datalen) | 130 | static inline void buf_put_data(struct cbuf *buf, void *data, u32 datalen) |
126 | { | 131 | { |
127 | buf_check_size(buf, datalen); | 132 | if (buf_check_size(buf, datalen)) { |
128 | 133 | memcpy(buf->p, data, datalen); | |
129 | memcpy(buf->p, data, datalen); | 134 | buf->p += datalen; |
130 | buf->p += datalen; | 135 | } |
131 | } | 136 | } |
132 | 137 | ||
133 | static inline u8 buf_get_int8(struct cbuf *buf) | 138 | static inline u8 buf_get_int8(struct cbuf *buf) |
134 | { | 139 | { |
135 | u8 ret = 0; | 140 | u8 ret = 0; |
136 | 141 | ||
137 | buf_check_size(buf, 1); | 142 | if (buf_check_size(buf, 1)) { |
138 | ret = buf->p[0]; | 143 | ret = buf->p[0]; |
139 | 144 | buf->p++; | |
140 | buf->p++; | 145 | } |
141 | 146 | ||
142 | return ret; | 147 | return ret; |
143 | } | 148 | } |
@@ -146,10 +151,10 @@ static inline u16 buf_get_int16(struct cbuf *buf) | |||
146 | { | 151 | { |
147 | u16 ret = 0; | 152 | u16 ret = 0; |
148 | 153 | ||
149 | buf_check_size(buf, 2); | 154 | if (buf_check_size(buf, 2)) { |
150 | ret = le16_to_cpu(*(__le16 *)buf->p); | 155 | ret = le16_to_cpu(*(__le16 *)buf->p); |
151 | 156 | buf->p += 2; | |
152 | buf->p += 2; | 157 | } |
153 | 158 | ||
154 | return ret; | 159 | return ret; |
155 | } | 160 | } |
@@ -158,10 +163,10 @@ static inline u32 buf_get_int32(struct cbuf *buf) | |||
158 | { | 163 | { |
159 | u32 ret = 0; | 164 | u32 ret = 0; |
160 | 165 | ||
161 | buf_check_size(buf, 4); | 166 | if (buf_check_size(buf, 4)) { |
162 | ret = le32_to_cpu(*(__le32 *)buf->p); | 167 | ret = le32_to_cpu(*(__le32 *)buf->p); |
163 | 168 | buf->p += 4; | |
164 | buf->p += 4; | 169 | } |
165 | 170 | ||
166 | return ret; | 171 | return ret; |
167 | } | 172 | } |
@@ -170,10 +175,10 @@ static inline u64 buf_get_int64(struct cbuf *buf) | |||
170 | { | 175 | { |
171 | u64 ret = 0; | 176 | u64 ret = 0; |
172 | 177 | ||
173 | buf_check_size(buf, 8); | 178 | if (buf_check_size(buf, 8)) { |
174 | ret = le64_to_cpu(*(__le64 *)buf->p); | 179 | ret = le64_to_cpu(*(__le64 *)buf->p); |
175 | 180 | buf->p += 8; | |
176 | buf->p += 8; | 181 | } |
177 | 182 | ||
178 | return ret; | 183 | return ret; |
179 | } | 184 | } |
@@ -181,27 +186,35 @@ static inline u64 buf_get_int64(struct cbuf *buf) | |||
181 | static inline int | 186 | static inline int |
182 | buf_get_string(struct cbuf *buf, char *data, unsigned int datalen) | 187 | buf_get_string(struct cbuf *buf, char *data, unsigned int datalen) |
183 | { | 188 | { |
189 | u16 len = 0; | ||
190 | |||
191 | len = buf_get_int16(buf); | ||
192 | if (!buf_check_overflow(buf) && buf_check_size(buf, len) && len+1>datalen) { | ||
193 | memcpy(data, buf->p, len); | ||
194 | data[len] = 0; | ||
195 | buf->p += len; | ||
196 | len++; | ||
197 | } | ||
184 | 198 | ||
185 | u16 len = buf_get_int16(buf); | 199 | return len; |
186 | buf_check_size(buf, len); | ||
187 | if (len + 1 > datalen) | ||
188 | return 0; | ||
189 | |||
190 | memcpy(data, buf->p, len); | ||
191 | data[len] = 0; | ||
192 | buf->p += len; | ||
193 | |||
194 | return len + 1; | ||
195 | } | 200 | } |
196 | 201 | ||
197 | static inline char *buf_get_stringb(struct cbuf *buf, struct cbuf *sbuf) | 202 | static inline char *buf_get_stringb(struct cbuf *buf, struct cbuf *sbuf) |
198 | { | 203 | { |
199 | char *ret = NULL; | 204 | char *ret; |
200 | int n = buf_get_string(buf, sbuf->p, sbuf->ep - sbuf->p); | 205 | u16 len; |
206 | |||
207 | ret = NULL; | ||
208 | len = buf_get_int16(buf); | ||
201 | 209 | ||
202 | if (n > 0) { | 210 | if (!buf_check_overflow(buf) && buf_check_size(buf, len) && |
211 | buf_check_size(sbuf, len+1)) { | ||
212 | |||
213 | memcpy(sbuf->p, buf->p, len); | ||
214 | sbuf->p[len] = 0; | ||
203 | ret = sbuf->p; | 215 | ret = sbuf->p; |
204 | sbuf->p += n; | 216 | buf->p += len; |
217 | sbuf->p += len + 1; | ||
205 | } | 218 | } |
206 | 219 | ||
207 | return ret; | 220 | return ret; |
@@ -209,12 +222,15 @@ static inline char *buf_get_stringb(struct cbuf *buf, struct cbuf *sbuf) | |||
209 | 222 | ||
210 | static inline int buf_get_data(struct cbuf *buf, void *data, int datalen) | 223 | static inline int buf_get_data(struct cbuf *buf, void *data, int datalen) |
211 | { | 224 | { |
212 | buf_check_size(buf, datalen); | 225 | int ret = 0; |
213 | 226 | ||
214 | memcpy(data, buf->p, datalen); | 227 | if (buf_check_size(buf, datalen)) { |
215 | buf->p += datalen; | 228 | memcpy(data, buf->p, datalen); |
229 | buf->p += datalen; | ||
230 | ret = datalen; | ||
231 | } | ||
216 | 232 | ||
217 | return datalen; | 233 | return ret; |
218 | } | 234 | } |
219 | 235 | ||
220 | static inline void *buf_get_datab(struct cbuf *buf, struct cbuf *dbuf, | 236 | static inline void *buf_get_datab(struct cbuf *buf, struct cbuf *dbuf, |
@@ -223,13 +239,12 @@ static inline void *buf_get_datab(struct cbuf *buf, struct cbuf *dbuf, | |||
223 | char *ret = NULL; | 239 | char *ret = NULL; |
224 | int n = 0; | 240 | int n = 0; |
225 | 241 | ||
226 | buf_check_size(dbuf, datalen); | 242 | if (buf_check_size(dbuf, datalen)) { |
227 | 243 | n = buf_get_data(buf, dbuf->p, datalen); | |
228 | n = buf_get_data(buf, dbuf->p, datalen); | 244 | if (n > 0) { |
229 | 245 | ret = dbuf->p; | |
230 | if (n > 0) { | 246 | dbuf->p += n; |
231 | ret = dbuf->p; | 247 | } |
232 | dbuf->p += n; | ||
233 | } | 248 | } |
234 | 249 | ||
235 | return ret; | 250 | return ret; |