[PATCH] Fix buffer overflow and races in capi debug functions

The CAPI trace debug functions were using a fixed size buffer, which can be overflowed if wrong formatted CAPI messages were sent to the kernel capi layer. The code was also not protected against multiple callers. This fix bug 8028. Additionally the patch make the CAPI trace functions optional. Signed-off-by: Karsten Keil <kkeil@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Karsten Keil <kkeil@suse.de> 2007-02-28 23:13:50 -0500
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-03-01 17:53:39 -0500
commit: 17f0cd2f350b90b28301e27fe0e39f34bfe7e730 (patch)
tree: 6baba85d4f3b83398dc5a412b328bfcef1633548 /drivers/isdn/capi/capidrv.c
parent: 34bbd704051c9d053d69e90569a3a2365f4c7b50 (diff)
1 files changed, 22 insertions, 6 deletions
diff --git a/drivers/isdn/capi/capidrv.c b/drivers/isdn/capi/capidrv.c
index 2a49cea0a223..23b6f7bc16b7 100644
--- a/drivers/isdn/capi/capidrv.c
+++ b/drivers/isdn/capi/capidrv.c
@@ -990,6 +990,7 @@ static void handle_plci(_cmsg * cmsg)
        capidrv_contr *card = findcontrbynumber(cmsg->adr.adrController & 0x7f);
        capidrv_plci *plcip;
        isdn_ctrl cmd;
+        _cdebbuf *cdb;
        if (!card) {
                printk(KERN_ERR "capidrv: %s from unknown controller 0x%x\n",
@@ -1122,8 +1123,15 @@ static void handle_plci(_cmsg * cmsg)
                                break;
                        }
                }
-                printk(KERN_ERR "capidrv-%d: %s\n",
+                cdb = capi_cmsg2str(cmsg);
-                                card->contrnr, capi_cmsg2str(cmsg));
+                if (cdb) {
+                        printk(KERN_WARNING "capidrv-%d: %s\n",
+                                card->contrnr, cdb->buf);
+                        cdebbuf_free(cdb);
+                } else
+                        printk(KERN_WARNING "capidrv-%d: CAPI_INFO_IND InfoNumber %x not handled\n",
+                                card->contrnr, cmsg->InfoNumber);
                break;
        case CAPI_CONNECT_ACTIVE_CONF:          /* plci */
@@ -1371,10 +1379,18 @@ static _cmsg s_cmsg;
 static void capidrv_recv_message(struct capi20_appl *ap, struct sk_buff *skb)
 {
        capi_message2cmsg(&s_cmsg, skb->data);
-        if (debugmode > 3)
+        if (debugmode > 3) {
-                printk(KERN_DEBUG "capidrv_signal: applid=%d %s\n",
+                _cdebbuf *cdb = capi_cmsg2str(&s_cmsg);
-                       ap->applid, capi_cmsg2str(&s_cmsg));
-        
+                if (cdb) {
+                        printk(KERN_DEBUG "%s: applid=%d %s\n", __FUNCTION__,
+                                ap->applid, cdb->buf);
+                        cdebbuf_free(cdb);
+                } else
+                        printk(KERN_DEBUG "%s: applid=%d %s not traced\n",
+                                __FUNCTION__, ap->applid,
+                                capi_cmd2str(s_cmsg.Command, s_cmsg.Subcommand));
+        }
        if (s_cmsg.Command == CAPI_DATA_B3
            && s_cmsg.Subcommand == CAPI_IND) {
                handle_data(&s_cmsg, skb);
author	Karsten Keil <kkeil@suse.de>	2007-02-28 23:13:50 -0500
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-03-01 17:53:39 -0500
commit	17f0cd2f350b90b28301e27fe0e39f34bfe7e730 (patch)
tree	6baba85d4f3b83398dc5a412b328bfcef1633548 /drivers/isdn/capi/capidrv.c
parent	34bbd704051c9d053d69e90569a3a2365f4c7b50 (diff)

diff --git a/drivers/isdn/capi/capidrv.c b/drivers/isdn/capi/capidrv.c index 2a49cea0a223..23b6f7bc16b7 100644 --- a/drivers/isdn/capi/capidrv.c +++ b/drivers/isdn/capi/capidrv.c
@@ -990,6 +990,7 @@ static void handle_plci(_cmsg * cmsg)
990	capidrv_contr *card = findcontrbynumber(cmsg->adr.adrController & 0x7f);	990	capidrv_contr *card = findcontrbynumber(cmsg->adr.adrController & 0x7f);
991	capidrv_plci *plcip;	991	capidrv_plci *plcip;
992	isdn_ctrl cmd;	992	isdn_ctrl cmd;
		993	_cdebbuf *cdb;
993		994
994	if (!card) {	995	if (!card) {
995	printk(KERN_ERR "capidrv: %s from unknown controller 0x%x\n",	996	printk(KERN_ERR "capidrv: %s from unknown controller 0x%x\n",
@@ -1122,8 +1123,15 @@ static void handle_plci(_cmsg * cmsg)
1122	break;	1123	break;
1123	}	1124	}
1124	}	1125	}
1125	printk(KERN_ERR "capidrv-%d: %s\n",	1126	cdb = capi_cmsg2str(cmsg);
1126	card->contrnr, capi_cmsg2str(cmsg));	1127	if (cdb) {
		1128	printk(KERN_WARNING "capidrv-%d: %s\n",
		1129	card->contrnr, cdb->buf);
		1130	cdebbuf_free(cdb);
		1131	} else
		1132	printk(KERN_WARNING "capidrv-%d: CAPI_INFO_IND InfoNumber %x not handled\n",
		1133	card->contrnr, cmsg->InfoNumber);
		1134
1127	break;	1135	break;
1128		1136
1129	case CAPI_CONNECT_ACTIVE_CONF: /* plci */	1137	case CAPI_CONNECT_ACTIVE_CONF: /* plci */
@@ -1371,10 +1379,18 @@ static _cmsg s_cmsg;
1371	static void capidrv_recv_message(struct capi20_appl ap, struct sk_buff skb)	1379	static void capidrv_recv_message(struct capi20_appl ap, struct sk_buff skb)
1372	{	1380	{
1373	capi_message2cmsg(&s_cmsg, skb->data);	1381	capi_message2cmsg(&s_cmsg, skb->data);
1374	if (debugmode > 3)	1382	if (debugmode > 3) {
1375	printk(KERN_DEBUG "capidrv_signal: applid=%d %s\n",	1383	_cdebbuf *cdb = capi_cmsg2str(&s_cmsg);
1376	ap->applid, capi_cmsg2str(&s_cmsg));	1384
1377		1385	if (cdb) {
		1386	printk(KERN_DEBUG "%s: applid=%d %s\n", __FUNCTION__,
		1387	ap->applid, cdb->buf);
		1388	cdebbuf_free(cdb);
		1389	} else
		1390	printk(KERN_DEBUG "%s: applid=%d %s not traced\n",
		1391	__FUNCTION__, ap->applid,
		1392	capi_cmd2str(s_cmsg.Command, s_cmsg.Subcommand));
		1393	}
1378	if (s_cmsg.Command == CAPI_DATA_B3	1394	if (s_cmsg.Command == CAPI_DATA_B3
1379	&& s_cmsg.Subcommand == CAPI_IND) {	1395	&& s_cmsg.Subcommand == CAPI_IND) {
1380	handle_data(&s_cmsg, skb);	1396	handle_data(&s_cmsg, skb);