make sure sr_bcount, sr_rqtid and sr_rquid are wrote in alignment-safe way

problem pointed out by Martin Husemann while here, turn some checks/SMBERROR()s to #ifdef DIAGNOSTIC panic()s
2003-02-24 21:13:13 +00:00 · 2003-02-24 21:13:13 +00:00 · c672cc0379
commit c672cc0379
parent 580397c542
3 changed files with 32 additions and 27 deletions
--- a/sys/netsmb/smb_iod.c
+++ b/sys/netsmb/smb_iod.c
@ -1,4 +1,4 @@
-/*	$NetBSD: smb_iod.c,v 1.5 2003/02/18 10:18:53 jdolecek Exp $	*/
+/*	$NetBSD: smb_iod.c,v 1.6 2003/02/24 21:13:13 jdolecek Exp $	*/

 /*
 * Copyright (c) 2000-2001 Boris Popov
@ -230,12 +230,14 @@ smb_iod_sendrq(struct smbiod *iod, struct smb_rq *rqp)
 		break;
 	}
 	if (rqp->sr_sendcnt == 0) {
+		u_int16_t tid = ssp ? ssp->ss_tid : SMB_TID_UNKNOWN;
+		u_int16_t rquid = vcp ? vcp->vc_smbuid : 0;
 #ifdef movedtoanotherplace
 		if (vcp->vc_maxmux != 0 && iod->iod_muxcnt >= vcp->vc_maxmux)
 			return 0;
 #endif
-		*rqp->sr_rqtid = htole16(ssp ? ssp->ss_tid : SMB_TID_UNKNOWN);
-		*rqp->sr_rquid = htole16(vcp ? vcp->vc_smbuid : 0);
+		SMBRQ_PUTLE16(rqp->sr_rqtid, tid);
+		SMBRQ_PUTLE16(rqp->sr_rquid, rquid);
 		mb_fixhdr(&rqp->sr_rq);
 	}
 	if (rqp->sr_sendcnt++ > 5) {
--- a/sys/netsmb/smb_rq.c
+++ b/sys/netsmb/smb_rq.c
@ -1,4 +1,4 @@
-/*	$NetBSD: smb_rq.c,v 1.8 2003/02/24 19:31:45 jdolecek Exp $	*/
+/*	$NetBSD: smb_rq.c,v 1.9 2003/02/24 21:13:13 jdolecek Exp $	*/

 /*
 * Copyright (c) 2000-2001, Boris Popov
@ -128,9 +128,9 @@ smb_rq_new(struct smb_rq *rqp, u_char cmd)
 	mb_put_uint8(mbp, vcp->vc_hflags);
 	mb_put_uint16le(mbp, vcp->vc_hflags2);
 	mb_put_mem(mbp, tzero, 12, MB_MSYSTEM);
-	rqp->sr_rqtid = (u_int16_t*)mb_reserve(mbp, sizeof(u_int16_t));
+	rqp->sr_rqtid = mb_reserve(mbp, sizeof(u_int16_t));
 	mb_put_uint16le(mbp, 1 /*scred->sc_p->p_pid & 0xffff*/);
-	rqp->sr_rquid = (u_int16_t*)mb_reserve(mbp, sizeof(u_int16_t));
+	rqp->sr_rquid = mb_reserve(mbp, sizeof(u_int16_t));
 	mb_put_uint16le(mbp, rqp->sr_mid);
 	return 0;
 }
@ -216,35 +216,34 @@ smb_rq_wstart(struct smb_rq *rqp)
 void
 smb_rq_wend(struct smb_rq *rqp)
 {
-	if (rqp->sr_wcount == NULL) {
-		SMBERROR("no wcount\n");	/* actually panic */
-		return;
-	}
+#ifdef DIAGNOSTIC
+	if (rqp->sr_wcount == NULL)
+		panic("smb_rq_wend: no wcount");
 	if (rqp->sr_rq.mb_count & 1)
-		SMBERROR("odd word count\n");
-	*rqp->sr_wcount = rqp->sr_rq.mb_count / 2;
+		panic("smb_rq_wend: odd word count");
+#endif
+	rqp->sr_wcount[0] = rqp->sr_rq.mb_count / 2;
 }

 void
 smb_rq_bstart(struct smb_rq *rqp)
 {
-	rqp->sr_bcount = (u_short*)mb_reserve(&rqp->sr_rq, sizeof(u_short));
+	rqp->sr_bcount = mb_reserve(&rqp->sr_rq, sizeof(u_int16_t));
 	rqp->sr_rq.mb_count = 0;
 }

 void
 smb_rq_bend(struct smb_rq *rqp)
 {
-	int bcnt;
+	u_int16_t bcnt = rqp->sr_rq.mb_count;

-	if (rqp->sr_bcount == NULL) {
-		SMBERROR("no bcount\n");	/* actually panic */
-		return;
-	}
-	bcnt = rqp->sr_rq.mb_count;
-	if (bcnt > 0xffff)
-		SMBERROR("byte count too large (%d)\n", bcnt);
-	*rqp->sr_bcount = htole16(bcnt);
+#ifdef DIAGNOSTIC
+	if (rqp->sr_bcount == NULL)
+		panic("smb_rq_bend: no bcount");
+	if (rqp->sr_rq.mb_count > 0xffff)
+		panic("smb_rq_bend: byte count too large (%d)", bcnt);
+#endif
+	SMBRQ_PUTLE16(rqp->sr_bcount, bcnt);
 }

 int
--- a/sys/netsmb/smb_rq.h
+++ b/sys/netsmb/smb_rq.h
@ -1,4 +1,4 @@
-/*	$NetBSD: smb_rq.h,v 1.2 2002/01/04 02:39:44 deberg Exp $	*/
+/*	$NetBSD: smb_rq.h,v 1.3 2003/02/24 21:13:13 jdolecek Exp $	*/

 /*
 * Copyright (c) 2000-2001, Boris Popov
@ -61,6 +61,10 @@
 #define SMBRQ_SUNLOCK(rqp)	smb_sl_unlock(&(rqp)->sr_slock)
 #define SMBRQ_SLOCKPTR(rqp)	(&(rqp)->sr_slock)

+/* save 16bit 'what' to memory pointed out by 'where' in little-endian format */
+#define SMBRQ_PUTLE16(where, what)	\
+	(where)[0] = (what) & 0xff;	\
+	(where)[1] = (what) >> 8

 enum smbrq_state {
 	SMBRQ_NOTSENT,		/* rq have data to send */
@ -80,8 +84,8 @@ struct smb_rq {
 	struct mbchain		sr_rq;
 	u_int8_t		sr_rqflags;
 	u_int16_t		sr_rqflags2;
-	u_char *		sr_wcount;
-	u_short *		sr_bcount;
+	u_int8_t *		sr_wcount;
+	u_int8_t *		sr_bcount;
 	struct mdchain		sr_rp;
 	int			sr_rpgen;
 	int			sr_rplast;
@ -93,8 +97,8 @@ struct smb_rq {
 	int			sr_sendcnt;
 	struct timeval	 	sr_timesent;
 	int			sr_lerror;
-	u_int16_t *		sr_rqtid;
-	u_int16_t *		sr_rquid;
+	u_int8_t *		sr_rqtid;
+	u_int8_t *		sr_rquid;
 	u_int8_t		sr_errclass;
 	u_int16_t		sr_serror;
 	u_int32_t		sr_error;