Module Name: src
Committed By: christos
Date: Sun Jun 12 00:07:19 UTC 2011
Modified Files:
src/sys/net80211: ieee80211_acl.c ieee80211_ioctl.c ieee80211_ioctl.h
Log Message:
Change i_len in ieee80211req to be unsigned and fix other signed/unsigned
issues. From Dan Rosenberg (drosenberg at vsecurity dot com).
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/sys/net80211/ieee80211_acl.c
cvs rdiff -u -r1.55 -r1.56 src/sys/net80211/ieee80211_ioctl.c
cvs rdiff -u -r1.19 -r1.20 src/sys/net80211/ieee80211_ioctl.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net80211/ieee80211_acl.c
diff -u src/sys/net80211/ieee80211_acl.c:1.8 src/sys/net80211/ieee80211_acl.c:1.9
--- src/sys/net80211/ieee80211_acl.c:1.8 Wed Dec 17 15:51:37 2008
+++ src/sys/net80211/ieee80211_acl.c Sat Jun 11 20:07:19 2011
@@ -34,7 +34,7 @@
__FBSDID("$FreeBSD: src/sys/net80211/ieee80211_acl.c,v 1.4 2005/08/13 17:31:48 sam Exp $");
#endif
#ifdef __NetBSD__
-__KERNEL_RCSID(0, "$NetBSD: ieee80211_acl.c,v 1.8 2008/12/17 20:51:37 cegger Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ieee80211_acl.c,v 1.9 2011/06/12 00:07:19 christos Exp $");
#endif
/*
@@ -79,7 +79,7 @@
struct aclstate {
acl_lock_t as_lock;
int as_policy;
- int as_nacls;
+ uint32_t as_nacls;
TAILQ_HEAD(, acl) as_list; /* list of all ACL's */
LIST_HEAD(, acl) as_hash[ACL_HASHSIZE];
struct ieee80211com *as_ic;
@@ -281,7 +281,8 @@
struct aclstate *as = ic->ic_as;
struct acl *acl;
struct ieee80211req_maclist *ap;
- int error, space, i;
+ int error;
+ uint32_t i, space;
switch (ireq->i_val) {
case IEEE80211_MACCMD_POLICY:
Index: src/sys/net80211/ieee80211_ioctl.c
diff -u src/sys/net80211/ieee80211_ioctl.c:1.55 src/sys/net80211/ieee80211_ioctl.c:1.56
--- src/sys/net80211/ieee80211_ioctl.c:1.55 Sat Apr 2 04:11:32 2011
+++ src/sys/net80211/ieee80211_ioctl.c Sat Jun 11 20:07:19 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: ieee80211_ioctl.c,v 1.55 2011/04/02 08:11:32 mbalmer Exp $ */
+/* $NetBSD: ieee80211_ioctl.c,v 1.56 2011/06/12 00:07:19 christos Exp $ */
/*-
* Copyright (c) 2001 Atsushi Onoe
* Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
@@ -36,7 +36,7 @@
__FBSDID("$FreeBSD: src/sys/net80211/ieee80211_ioctl.c,v 1.35 2005/08/30 14:27:47 avatar Exp $");
#endif
#ifdef __NetBSD__
-__KERNEL_RCSID(0, "$NetBSD: ieee80211_ioctl.c,v 1.55 2011/04/02 08:11:32 mbalmer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ieee80211_ioctl.c,v 1.56 2011/06/12 00:07:19 christos Exp $");
#endif
/*
@@ -932,9 +932,8 @@
{
size_t len = ireq->i_len;
- if (sizeof(ic->ic_chan_active) < len) {
+ if (len > sizeof(ic->ic_chan_active))
len = sizeof(ic->ic_chan_active);
- }
return copyout(&ic->ic_chan_active, ireq->i_data, len);
}
@@ -942,7 +941,8 @@
ieee80211_ioctl_getchaninfo(struct ieee80211com *ic, struct ieee80211req *ireq)
{
struct ieee80211req_chaninfo *chans;
- int i, space, error;
+ uint32_t i, space;
+ int error;
/*
* Since channel 0 is not available for DS, channel 1
@@ -1004,7 +1004,7 @@
{
struct ieee80211_node *ni;
u_int8_t macaddr[IEEE80211_ADDR_LEN];
- const int off = __offsetof(struct ieee80211req_sta_stats, is_stats);
+ const size_t off = __offsetof(struct ieee80211req_sta_stats, is_stats);
int error;
if (ireq->i_len < off)
@@ -1075,7 +1075,8 @@
struct ieee80211req_scan_result *sr = &u.res;
struct ieee80211_node_table *nt;
struct ieee80211_node *ni;
- int error, space;
+ int error;
+ uint32_t space;
u_int8_t *p, *cp;
p = ireq->i_data;
Index: src/sys/net80211/ieee80211_ioctl.h
diff -u src/sys/net80211/ieee80211_ioctl.h:1.19 src/sys/net80211/ieee80211_ioctl.h:1.20
--- src/sys/net80211/ieee80211_ioctl.h:1.19 Mon Jul 28 13:54:02 2008
+++ src/sys/net80211/ieee80211_ioctl.h Sat Jun 11 20:07:19 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: ieee80211_ioctl.h,v 1.19 2008/07/28 17:54:02 christos Exp $ */
+/* $NetBSD: ieee80211_ioctl.h,v 1.20 2011/06/12 00:07:19 christos Exp $ */
/*-
* Copyright (c) 2001 Atsushi Onoe
* Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
@@ -413,7 +413,7 @@
char i_name[IFNAMSIZ]; /* if_name, e.g. "wi0" */
u_int16_t i_type; /* req type */
int16_t i_val; /* Index or simple value */
- int16_t i_len; /* Index or simple value */
+ u_int16_t i_len; /* Index or simple value */
void *i_data; /* Extra data */
};
