Module Name: src Committed By: christos Date: Sun Jan 2 21:03:45 UTC 2011
Modified Files: src/sys/net: bpf.c Log Message: kern/44310: Alexander Nasonov: write to /dev/bpf truncates size_t to int To generate a diff of this commit: cvs rdiff -u -r1.159 -r1.160 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.159 src/sys/net/bpf.c:1.160 --- src/sys/net/bpf.c:1.159 Wed Dec 8 12:10:13 2010 +++ src/sys/net/bpf.c Sun Jan 2 16:03:45 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.159 2010/12/08 17:10:13 pooka Exp $ */ +/* $NetBSD: bpf.c,v 1.160 2011/01/02 21:03:45 christos Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.159 2010/12/08 17:10:13 pooka Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.160 2011/01/02 21:03:45 christos Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -134,7 +134,7 @@ static void bpf_freed(struct bpf_d *); static void bpf_ifname(struct ifnet *, struct ifreq *); static void *bpf_mcpy(void *, const void *, size_t); -static int bpf_movein(struct uio *, int, int, +static int bpf_movein(struct uio *, int, uint64_t, struct mbuf **, struct sockaddr *); static void bpf_attachd(struct bpf_d *, struct bpf_if *); static void bpf_detachd(struct bpf_d *); @@ -179,14 +179,14 @@ }; static int -bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp, +bpf_movein(struct uio *uio, int linktype, uint64_t mtu, struct mbuf **mp, struct sockaddr *sockp) { struct mbuf *m; int error; - int len; - int hlen; - int align; + size_t len; + size_t hlen; + size_t align; /* * Build a sockaddr based on the data link layer type. @@ -253,7 +253,7 @@ * If there aren't enough bytes for a link level header or the * packet length exceeds the interface mtu, return an error. */ - if (len < hlen || len - hlen > mtu) + if (len - hlen > mtu) return (EMSGSIZE); /* @@ -261,13 +261,13 @@ * bail if it won't fit in a single mbuf. * (Take into account possible alignment bytes) */ - if ((unsigned)len > MCLBYTES - align) + if (len + align > MCLBYTES) return (EIO); m = m_gethdr(M_WAIT, MT_DATA); m->m_pkthdr.rcvif = 0; - m->m_pkthdr.len = len - hlen; - if (len > MHLEN - align) { + m->m_pkthdr.len = (int)(len - hlen); + if (len + align > MHLEN) { m_clget(m, M_WAIT); if ((m->m_flags & M_EXT) == 0) { error = ENOBUFS; @@ -278,7 +278,7 @@ /* Insure the data is properly aligned */ if (align > 0) { m->m_data += align; - m->m_len -= align; + m->m_len -= (int)align; } error = uiomove(mtod(m, void *), len, uio); @@ -289,7 +289,7 @@ m->m_data += hlen; /* XXX */ len -= hlen; } - m->m_len = len; + m->m_len = (int)len; *mp = m; return (0);