X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=drivers%2Fisdn%2Fi4l%2Fisdn_ppp.c;h=918742271c79f6e617bec47ab38bcca52eda3483;hb=43bc926fffd92024b46cafaf7350d669ba9ca884;hp=a11be53573d096d013c1e384d494f07efcaff50e;hpb=9bf4aaab3e101692164d49b7ca357651eb691cb6;p=linux-2.6.git diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c index a11be5357..918742271 100644 --- a/drivers/isdn/i4l/isdn_ppp.c +++ b/drivers/isdn/i4l/isdn_ppp.c @@ -109,7 +109,7 @@ isdn_ppp_free(isdn_net_local * lp) { struct ippp_struct *is; - if (lp->ppp_slot < 0 || lp->ppp_slot > ISDN_MAX_CHANNELS) { + if (lp->ppp_slot < 0 || lp->ppp_slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "%s: ppp_slot(%d) out of range\n", __FUNCTION__, lp->ppp_slot); return 0; @@ -126,7 +126,7 @@ isdn_ppp_free(isdn_net_local * lp) lp->netdev->pb->ref_ct--; spin_unlock(&lp->netdev->pb->lock); #endif /* CONFIG_ISDN_MPP */ - if (lp->ppp_slot < 0 || lp->ppp_slot > ISDN_MAX_CHANNELS) { + if (lp->ppp_slot < 0 || lp->ppp_slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "%s: ppp_slot(%d) now invalid\n", __FUNCTION__, lp->ppp_slot); return 0; @@ -279,7 +279,7 @@ isdn_ppp_open(int min, struct file *file) int slot; struct ippp_struct *is; - if (min < 0 || min > ISDN_MAX_CHANNELS) + if (min < 0 || min >= ISDN_MAX_CHANNELS) return -ENODEV; slot = isdn_ppp_get_slot(); @@ -364,10 +364,8 @@ isdn_ppp_release(int min, struct file *file) isdn_net_hangup(&p->dev); } for (i = 0; i < NUM_RCV_BUFFS; i++) { - if (is->rq[i].buf) { - kfree(is->rq[i].buf); - is->rq[i].buf = NULL; - } + kfree(is->rq[i].buf); + is->rq[i].buf = NULL; } is->first = is->rq + NUM_RCV_BUFFS - 1; /* receive queue */ is->last = is->rq; @@ -378,14 +376,10 @@ isdn_ppp_release(int min, struct file *file) is->slcomp = NULL; #endif #ifdef CONFIG_IPPP_FILTER - if (is->pass_filter) { - kfree(is->pass_filter); - is->pass_filter = NULL; - } - if (is->active_filter) { - kfree(is->active_filter); - is->active_filter = NULL; - } + kfree(is->pass_filter); + is->pass_filter = NULL; + kfree(is->active_filter); + is->active_filter = NULL; #endif /* TODO: if this was the previous master: link the stuff to the new master */ @@ -764,7 +758,6 @@ isdn_ppp_read(int min, struct file *file, char __user *buf, int count) { struct ippp_struct *is; struct ippp_buf_queue *b; - int r; u_long flags; u_char *save_buf; @@ -773,8 +766,8 @@ isdn_ppp_read(int min, struct file *file, char __user *buf, int count) if (!(is->state & IPPP_OPEN)) return 0; - if ((r = verify_area(VERIFY_WRITE, buf, count))) - return r; + if (!access_ok(VERIFY_WRITE, buf, count)) + return -EFAULT; spin_lock_irqsave(&is->buflock, flags); b = is->first->next; @@ -789,7 +782,8 @@ isdn_ppp_read(int min, struct file *file, char __user *buf, int count) is->first = b; spin_unlock_irqrestore(&is->buflock, flags); - copy_to_user(buf, save_buf, count); + if (copy_to_user(buf, save_buf, count)) + count = -EFAULT; kfree(save_buf); return count; @@ -915,8 +909,7 @@ isdn_ppp_cleanup(void) kfree(ippp_table[i]); #ifdef CONFIG_ISDN_MPP - if (isdn_ppp_bundle_arr) - kfree(isdn_ppp_bundle_arr); + kfree(isdn_ppp_bundle_arr); #endif /* CONFIG_ISDN_MPP */ } @@ -981,11 +974,10 @@ void isdn_ppp_receive(isdn_net_dev * net_dev, isdn_net_local * lp, struct sk_buf int slot; int proto; - if (net_dev->local->master) - BUG(); // we're called with the master device always + BUG_ON(net_dev->local->master); // we're called with the master device always slot = lp->ppp_slot; - if (slot < 0 || slot > ISDN_MAX_CHANNELS) { + if (slot < 0 || slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "isdn_ppp_receive: lp->ppp_slot(%d)\n", lp->ppp_slot); kfree_skb(skb); @@ -1040,7 +1032,7 @@ isdn_ppp_push_higher(isdn_net_dev * net_dev, isdn_net_local * lp, struct sk_buff int slot; slot = lp->ppp_slot; - if (slot < 0 || slot > ISDN_MAX_CHANNELS) { + if (slot < 0 || slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "isdn_ppp_push_higher: lp->ppp_slot(%d)\n", lp->ppp_slot); goto drop_packet; @@ -1050,7 +1042,7 @@ isdn_ppp_push_higher(isdn_net_dev * net_dev, isdn_net_local * lp, struct sk_buff if (lp->master) { // FIXME? mlp = (isdn_net_local *) lp->master->priv; slot = mlp->ppp_slot; - if (slot < 0 || slot > ISDN_MAX_CHANNELS) { + if (slot < 0 || slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "isdn_ppp_push_higher: master->ppp_slot(%d)\n", lp->ppp_slot); goto drop_packet; @@ -1152,7 +1144,7 @@ isdn_ppp_push_higher(isdn_net_dev * net_dev, isdn_net_local * lp, struct sk_buff { u_int16_t *p = (u_int16_t *) skb->data; - *p = 0; /* indicate inbound in DLT_LINUX_SLL */ + *p = 0; /* indicate inbound */ } if (is->pass_filter @@ -1234,7 +1226,7 @@ isdn_ppp_xmit(struct sk_buff *skb, struct net_device *netdev) nd = mlp->netdev; /* get master lp */ slot = mlp->ppp_slot; - if (slot < 0 || slot > ISDN_MAX_CHANNELS) { + if (slot < 0 || slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "isdn_ppp_xmit: lp->ppp_slot(%d)\n", mlp->ppp_slot); kfree_skb(skb); @@ -1272,7 +1264,7 @@ isdn_ppp_xmit(struct sk_buff *skb, struct net_device *netdev) /* we have our lp locked from now on */ slot = lp->ppp_slot; - if (slot < 0 || slot > ISDN_MAX_CHANNELS) { + if (slot < 0 || slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "isdn_ppp_xmit: lp->ppp_slot(%d)\n", lp->ppp_slot); kfree_skb(skb); @@ -1293,12 +1285,12 @@ isdn_ppp_xmit(struct sk_buff *skb, struct net_device *netdev) /* check if we should pass this packet * the filter instructions are constructed assuming * a four-byte PPP header on each packet */ - skb_push(skb, 4); + *skb_push(skb, 4) = 1; /* indicate outbound */ { u_int16_t *p = (u_int16_t *) skb->data; - *p++ = htons(4); /* indicate outbound in DLT_LINUX_SLL */ + p++; *p = htons(proto); } @@ -1491,12 +1483,12 @@ int isdn_ppp_autodial_filter(struct sk_buff *skb, isdn_net_local *lp) * temporarily remove part of the fake header stuck on * earlier. */ - skb_pull(skb, IPPP_MAX_HEADER - 4); + *skb_pull(skb, IPPP_MAX_HEADER - 4) = 1; /* indicate outbound */ { u_int16_t *p = (u_int16_t *) skb->data; - *p++ = htons(4); /* indicate outbound in DLT_LINUX_SLL */ + p++; *p = htons(proto); } @@ -1578,7 +1570,7 @@ static int isdn_ppp_mp_init( isdn_net_local * lp, ippp_bundle * add_to ) lp->next = lp->last = lp; /* nobody else in a queue */ lp->netdev->pb->frags = NULL; lp->netdev->pb->frames = 0; - lp->netdev->pb->seq = LONG_MAX; + lp->netdev->pb->seq = UINT_MAX; } lp->netdev->pb->ref_ct++; @@ -1611,7 +1603,7 @@ static void isdn_ppp_mp_receive(isdn_net_dev * net_dev, isdn_net_local * lp, mp = net_dev->pb; stats = &mp->stats; slot = lp->ppp_slot; - if (slot < 0 || slot > ISDN_MAX_CHANNELS) { + if (slot < 0 || slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "%s: lp->ppp_slot(%d)\n", __FUNCTION__, lp->ppp_slot); stats->frame_drops++; @@ -1648,7 +1640,7 @@ static void isdn_ppp_mp_receive(isdn_net_dev * net_dev, isdn_net_local * lp, is->last_link_seqno = minseq = newseq; for (lpq = net_dev->queue;;) { slot = lpq->ppp_slot; - if (slot < 0 || slot > ISDN_MAX_CHANNELS) { + if (slot < 0 || slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "%s: lpq->ppp_slot(%d)\n", __FUNCTION__, lpq->ppp_slot); } else { @@ -1882,7 +1874,7 @@ void isdn_ppp_mp_reassembly( isdn_net_dev * net_dev, isdn_net_local * lp, struct sk_buff * skb; unsigned int tot_len; - if (lp->ppp_slot < 0 || lp->ppp_slot > ISDN_MAX_CHANNELS) { + if (lp->ppp_slot < 0 || lp->ppp_slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "%s: lp->ppp_slot(%d) out of range\n", __FUNCTION__, lp->ppp_slot); return; @@ -1995,12 +1987,9 @@ isdn_ppp_dev_ioctl_stats(int slot, struct ifreq *ifr, struct net_device *dev) struct ppp_stats __user *res = ifr->ifr_data; struct ppp_stats t; isdn_net_local *lp = (isdn_net_local *) dev->priv; - int err; - err = verify_area(VERIFY_WRITE, res, sizeof(struct ppp_stats)); - - if (err) - return err; + if (!access_ok(VERIFY_WRITE, res, sizeof(struct ppp_stats))) + return -EFAULT; /* build a temporary stat struct and copy it to user space */ @@ -2537,8 +2526,7 @@ static struct sk_buff *isdn_ppp_decompress(struct sk_buff *skb,struct ippp_struc printk(KERN_DEBUG "ippp: no decompressor defined!\n"); return skb; } - if (!stat) // if we have a compressor, stat has been set as well - BUG(); + BUG_ON(!stat); // if we have a compressor, stat has been set as well if((master && *proto == PPP_COMP) || (!master && *proto == PPP_COMPFRAG) ) { // compressed packets are compressed by their protocol type @@ -2660,7 +2648,7 @@ static void isdn_ppp_receive_ccp(isdn_net_dev *net_dev, isdn_net_local *lp, printk(KERN_DEBUG "Received CCP frame from peer slot(%d)\n", lp->ppp_slot); - if (lp->ppp_slot < 0 || lp->ppp_slot > ISDN_MAX_CHANNELS) { + if (lp->ppp_slot < 0 || lp->ppp_slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "%s: lp->ppp_slot(%d) out of range\n", __FUNCTION__, lp->ppp_slot); return; @@ -2670,7 +2658,7 @@ static void isdn_ppp_receive_ccp(isdn_net_dev *net_dev, isdn_net_local *lp, if(lp->master) { int slot = ((isdn_net_local *) (lp->master->priv))->ppp_slot; - if (slot < 0 || slot > ISDN_MAX_CHANNELS) { + if (slot < 0 || slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "%s: slot(%d) out of range\n", __FUNCTION__, slot); return; @@ -2834,7 +2822,7 @@ static void isdn_ppp_send_ccp(isdn_net_dev *net_dev, isdn_net_local *lp, struct if(!skb || skb->len < 3) return; - if (slot < 0 || slot > ISDN_MAX_CHANNELS) { + if (slot < 0 || slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "%s: lp->ppp_slot(%d) out of range\n", __FUNCTION__, slot); return; @@ -2857,7 +2845,7 @@ static void isdn_ppp_send_ccp(isdn_net_dev *net_dev, isdn_net_local *lp, struct if (lp->master) { slot = ((isdn_net_local *) (lp->master->priv))->ppp_slot; - if (slot < 0 || slot > ISDN_MAX_CHANNELS) { + if (slot < 0 || slot >= ISDN_MAX_CHANNELS) { printk(KERN_ERR "%s: slot(%d) out of range\n", __FUNCTION__, slot); return;