Re: Doubt about some kernel definitions..

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Marcos,

I've added the kernel-janitors and driver-devel to the CC list.  Btw,
in particular for patches, you should always CC at least one email
list.

The stuff in ttypes.h is messed up in a couple ways.

typedef int             BOOL;

BOOL should be bool, but int is 32 bits and bool is 1 bit so this is
not a white space change.  You need to check every place that uses
BOOL to make sure changing it does not introduce a bug.

typedef unsigned char   BYTE;           //  8-bit

This one is simple.  Change all these places to u8.

typedef unsigned short  WORD;           // 16-bit

This is weird because you'd normally think of a word as an int.
Changing all of these to u16 won't introduce any bugs, but you should
check all the places to make sure there isn't a bug already there.

typedef unsigned long   DWORD;          // 32-bit

unsigned long is 32bit on 32 bit systems and 64 bit on 64 bit systems
so you'd need to look at each place this is used and see what is
correct.  It could be u32, int, unsigned long, etc.

typedef unsigned long   ULONG_PTR;      // 32-bit

I looked at how ULONG_PTR was used and it's normally something like
this:

        unsigned int uLen = pRSNWPA->len + 2;

        if (uLen <= (uIELength -
                     (unsigned int) (ULONG_PTR) ((PBYTE) pRSNWPA - pbyIEs))) {
                pBSSList->wWPALen = uLen;
                memcpy(pBSSList->byWPAIE, pRSNWPA, uLen);
                WPA_ParseRSN(pBSSList, pRSNWPA);
        }

This looks wrong to me.
1) It's doing pointer math and pointers are 64 bit on x86_64 systems.
Then it's truncating the upper bits away.  Not a big deal in this
case, but it's ugly.

2) uIELength is unsigned so a negative value for the subtraction gets
turned into a large positive value and the test becomes meaningless.
Possibly leading to memory corruption.  This particular code is
parsing data from over the network so it could be a remote security
problem.

Basically when you're doing this kind of work keep your eyes open for
any other bugs you can spot.  It's not just a matter of running sed
over the driver.

regards,
dan carpenter

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux