more KNF. warn about mbuf misuse (passing pointer outside of mbuf is dangerous)
This commit is contained in:
itojun
parent
de84d710a4
commit
a028d35cfd
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: if_pppoe.c,v 1.25 2002/06/22 05:33:42 itojun Exp $ */
|
||||
/* $NetBSD: if_pppoe.c,v 1.26 2002/06/22 05:52:00 itojun Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2002 The NetBSD Foundation, Inc.
|
||||
@ -37,7 +37,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.25 2002/06/22 05:33:42 itojun Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.26 2002/06/22 05:52:00 itojun Exp $");
|
||||
|
||||
#include "pppoe.h"
|
||||
#include "bpfilter.h"
|
||||
@ -116,7 +116,7 @@ struct pppoe_softc {
|
||||
struct sppp sc_sppp; /* contains a struct ifnet as first element */
|
||||
LIST_ENTRY(pppoe_softc) sc_list;
|
||||
struct ifnet *sc_eth_if; /* ethernet interface we are using */
|
||||
|
||||
|
||||
int sc_state; /* discovery phase or session connected */
|
||||
struct ether_addr sc_dest; /* hardware address of concentrator */
|
||||
u_int16_t sc_session; /* PPPoE session id */
|
||||
@ -151,7 +151,7 @@ static void pppoe_dispatch_disc_pkt(u_int8_t *, size_t, struct ifnet *, struct e
|
||||
static void pppoe_data_input(struct mbuf *m);
|
||||
|
||||
/* management routines */
|
||||
void pppoeattach(int count);
|
||||
void pppoeattach(int);
|
||||
static int pppoe_connect(struct pppoe_softc *);
|
||||
static int pppoe_disconnect(struct pppoe_softc *);
|
||||
static void pppoe_abort_connect(struct pppoe_softc *);
|
||||
@ -161,7 +161,7 @@ static void pppoe_tlf(struct sppp *);
|
||||
static void pppoe_start(struct ifnet *);
|
||||
|
||||
/* internal timeout handling */
|
||||
static void pppoe_timeout(void*);
|
||||
static void pppoe_timeout(void *);
|
||||
|
||||
/* sending actual protocol controll packets */
|
||||
static int pppoe_send_padi(struct pppoe_softc *);
|
||||
@ -169,7 +169,7 @@ static int pppoe_send_padr(struct pppoe_softc *);
|
||||
static int pppoe_send_padt(struct pppoe_softc *);
|
||||
|
||||
/* raw output */
|
||||
static int pppoe_output(struct pppoe_softc *sc, struct mbuf *m);
|
||||
static int pppoe_output(struct pppoe_softc *, struct mbuf *);
|
||||
|
||||
/* internal helper functions */
|
||||
static struct pppoe_softc * pppoe_find_softc_by_session(u_int, struct ifnet *);
|
||||
@ -231,7 +231,7 @@ pppoe_clone_create(ifc, unit)
|
||||
sc->sc_sppp.pp_tls = pppoe_tls;
|
||||
sc->sc_sppp.pp_tlf = pppoe_tlf;
|
||||
sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */
|
||||
|
||||
|
||||
if_attach(&sc->sc_sppp.pp_if);
|
||||
sppp_attach(&sc->sc_sppp.pp_if);
|
||||
|
||||
@ -268,7 +268,8 @@ pppoe_find_softc_by_session(u_int session, struct ifnet *rcvif)
|
||||
{
|
||||
struct pppoe_softc *sc;
|
||||
|
||||
if (session == 0) return NULL;
|
||||
if (session == 0)
|
||||
return NULL;
|
||||
|
||||
LIST_FOREACH(sc, &pppoe_softc_list, sc_list) {
|
||||
if (sc->sc_state == PPPOE_STATE_SESSION
|
||||
@ -289,9 +290,11 @@ pppoe_find_softc_by_hunique(u_int8_t *token, size_t len, struct ifnet *rcvif)
|
||||
{
|
||||
struct pppoe_softc *sc, *t;
|
||||
|
||||
if (LIST_EMPTY(&pppoe_softc_list)) return NULL;
|
||||
if (LIST_EMPTY(&pppoe_softc_list))
|
||||
return NULL;
|
||||
|
||||
if (len != sizeof sc) return NULL;
|
||||
if (len != sizeof sc)
|
||||
return NULL;
|
||||
memcpy(&t, token, len);
|
||||
|
||||
LIST_FOREACH(sc, &pppoe_softc_list, sc_list)
|
||||
@ -395,7 +398,7 @@ static void pppoe_dispatch_disc_pkt(u_int8_t *p, size_t size, struct ifnet *rcvi
|
||||
if (plen > size) {
|
||||
printf("pppoe: packet content does not fit: data available = %ld, packet size = %ld\n",
|
||||
(long)size, (long)plen);
|
||||
return;
|
||||
return;
|
||||
}
|
||||
size = plen; /* ignore trailing garbage */
|
||||
tag = 0;
|
||||
@ -523,7 +526,8 @@ pppoe_disc_input(struct mbuf *m)
|
||||
|
||||
/* avoid error messages if there is not a single pppoe instance */
|
||||
if (!LIST_EMPTY(&pppoe_softc_list)) {
|
||||
eh = mtod(m, struct ether_header*);
|
||||
/* XXX it is not valid to pass pointer outside of mbuf */
|
||||
eh = mtod(m, struct ether_header *);
|
||||
m_adj(m, sizeof(struct ether_header));
|
||||
p = mtod(m, u_int8_t*);
|
||||
KASSERT(m->m_flags & M_PKTHDR);
|
||||
@ -588,7 +592,7 @@ pppoe_data_input(struct mbuf *m)
|
||||
printf("\n");
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
if (m->m_pkthdr.len < plen)
|
||||
goto drop;
|
||||
|
||||
@ -734,7 +738,7 @@ pppoe_get_mbuf(size_t len)
|
||||
MGETHDR(m, M_DONTWAIT, MT_DATA);
|
||||
if (m == NULL)
|
||||
return NULL;
|
||||
if (len+sizeof(struct ether_header) > MHLEN) {
|
||||
if (len + sizeof(struct ether_header) > MHLEN) {
|
||||
MCLGET(m, M_DONTWAIT);
|
||||
if ((m->m_flags & M_EXT) == 0) {
|
||||
struct mbuf *n;
|
||||
@ -761,19 +765,20 @@ pppoe_send_padi(struct pppoe_softc *sc)
|
||||
panic("pppoe_send_padi in state %d", sc->sc_state);
|
||||
|
||||
/* calculate length of frame (excluding ethernet header + pppoe header) */
|
||||
len = 2+2+2+2+sizeof sc; /* service name tag is required, host unique is send too */
|
||||
len = 2 + 2 + 2 + 2 + sizeof sc; /* service name tag is required, host unique is send too */
|
||||
if (sc->sc_service_name != NULL) {
|
||||
l1 = strlen(sc->sc_service_name);
|
||||
len += l1;
|
||||
}
|
||||
if (sc->sc_concentrator_name != NULL) {
|
||||
l2 = strlen(sc->sc_concentrator_name);
|
||||
len += 2+2+l2;
|
||||
len += 2 + 2 + l2;
|
||||
}
|
||||
|
||||
/* allocate a buffer */
|
||||
m0 = pppoe_get_mbuf(len+PPPOE_HEADERLEN); /* header len + payload len */
|
||||
if (!m0) return ENOBUFS;
|
||||
m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */
|
||||
if (!m0)
|
||||
return ENOBUFS;
|
||||
|
||||
/* fill in pkt */
|
||||
p = mtod(m0, u_int8_t*);
|
||||
@ -959,15 +964,16 @@ pppoe_send_padr(struct pppoe_softc *sc)
|
||||
if (sc->sc_state != PPPOE_STATE_PADR_SENT)
|
||||
return EIO;
|
||||
|
||||
len = 2+2+2+2+sizeof(sc); /* service name, host unique */
|
||||
len = 2 + 2 + 2 + 2 + sizeof(sc); /* service name, host unique */
|
||||
if (sc->sc_service_name != NULL) { /* service name tag maybe empty */
|
||||
l1 = strlen(sc->sc_service_name);
|
||||
len += l1;
|
||||
}
|
||||
if (sc->sc_ac_cookie_len > 0)
|
||||
len += 2+2+sc->sc_ac_cookie_len; /* AC cookie */
|
||||
m0 = pppoe_get_mbuf(len+PPPOE_HEADERLEN);
|
||||
if (!m0) return ENOBUFS;
|
||||
len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */
|
||||
m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN);
|
||||
if (!m0)
|
||||
return ENOBUFS;
|
||||
p = mtod(m0, u_int8_t*);
|
||||
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len);
|
||||
PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
|
||||
@ -1012,7 +1018,8 @@ pppoe_send_padt(struct pppoe_softc *sc)
|
||||
printf("%s: sending PADT\n", sc->sc_sppp.pp_if.if_xname);
|
||||
#endif
|
||||
m0 = pppoe_get_mbuf(PPPOE_HEADERLEN);
|
||||
if (!m0) return ENOBUFS;
|
||||
if (!m0)
|
||||
return ENOBUFS;
|
||||
p = mtod(m0, u_int8_t*);
|
||||
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, sc->sc_session, 0);
|
||||
return pppoe_output(sc, m0);
|
||||
@ -1021,7 +1028,7 @@ pppoe_send_padt(struct pppoe_softc *sc)
|
||||
static void
|
||||
pppoe_tls(struct sppp *sp)
|
||||
{
|
||||
struct pppoe_softc *sc = (void*)sp;
|
||||
struct pppoe_softc *sc = (void *)sp;
|
||||
if (sc->sc_state != PPPOE_STATE_INITIAL)
|
||||
return;
|
||||
pppoe_connect(sc);
|
||||
@ -1030,7 +1037,7 @@ pppoe_tls(struct sppp *sp)
|
||||
static void
|
||||
pppoe_tlf(struct sppp *sp)
|
||||
{
|
||||
struct pppoe_softc *sc = (void*)sp;
|
||||
struct pppoe_softc *sc = (void *)sp;
|
||||
if (sc->sc_state < PPPOE_STATE_SESSION)
|
||||
return;
|
||||
/*
|
||||
@ -1045,7 +1052,7 @@ pppoe_tlf(struct sppp *sp)
|
||||
static void
|
||||
pppoe_start(struct ifnet *ifp)
|
||||
{
|
||||
struct pppoe_softc *sc = (void*)ifp;
|
||||
struct pppoe_softc *sc = (void *)ifp;
|
||||
struct mbuf *m;
|
||||
u_int8_t *p;
|
||||
size_t len;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user