Re: [PATCH][2.2] drivers/net/net_init.c - bounds checking etc

Neale Banks (neale@lowendale.com.au)
Tue, 22 Jan 2002 00:33:50 +1100 (EST)

On Sun, 20 Jan 2002, Neale Banks wrote:

> Greetings,
>
> Appended patch (against 2.2.21-pre2) addresses:
>
> (1) lack of bounds checking of statically-dimensioned arrays
> such as *ethdev_index[MAX_ETH_CARDS]
>
> (2) unnecessary initialisation if i in etherdev_get_index()

<sigh>Corrected and tested patch appended.

> I notice also that init_etherdev() can return a NULL pointer. In earleir
> 2.2 I found a few ethernet drivers which do not contemplate this
> possibility. Presumably this should be cleaned up too?

Separate patch for eepro100 to follow.

Regards,
Neale.

--- linux-2.2.21-pre2-pristine/drivers/net/net_init.c Sat Nov 3 03:39:07 2001
+++ linux-2.2.21-pre2-ntb/drivers/net/net_init.c Mon Jan 21 22:53:42 2002
@@ -103,7 +103,12 @@
if (dev->priv) memset(dev->priv, 0, sizeof_priv);
goto found;
}
+ break; /* have found a non-initialised slot */
}
+ if (i>=MAX_ETH_CARDS) {
+ printk("init_etherdev: FATAL - too many eth devs.\n");
+ return NULL;
+ }

alloc_size &= ~3; /* Round to dword boundary. */

@@ -223,7 +228,12 @@
if (dev->priv) memset(dev->priv, 0, sizeof_priv);
goto hipfound;
}
+ break; /* have found a non-initialised slot */
}
+ if (i>=MAX_HIP_CARDS) {
+ printk("init_hippi_dev: FATAL - too many hip devs.\n");
+ return NULL;
+ }

alloc_size &= ~3; /* Round to dword boundary. */

@@ -269,6 +279,8 @@
break;
}
}
+ if (i>=MAX_HIP_CARDS)
+ printk("unregister_hipdev: WARNING - didn't find dev.\n");
rtnl_unlock();
}

@@ -468,8 +480,7 @@

static int etherdev_get_index(struct device *dev)
{
- int i=MAX_ETH_CARDS;
-
+ int i;
for (i = 0; i < MAX_ETH_CARDS; ++i) {
if (ethdev_index[i] == NULL) {
sprintf(dev->name, "eth%d", i);
@@ -490,6 +501,8 @@
break;
}
}
+ if (i>=MAX_ETH_CARDS)
+ printk("etherdev_put_index: WARNING - didn't find dev.\n");
}

int register_netdev(struct device *dev)
@@ -552,7 +565,12 @@
if (dev->priv) memset(dev->priv, 0, sizeof_priv);
goto trfound;
}
+ break; /* have found a non-initialised slot */
}
+ if (i>=MAX_TR_CARDS) {
+ printk("init_trdev: FATAL - too many tr devs.\n");
+ return NULL;
+ }

alloc_size &= ~3; /* Round to dword boundary. */
dev = (struct device *)kmalloc(alloc_size, GFP_KERNEL);
@@ -624,6 +642,8 @@
break;
}
}
+ if (i>=MAX_TR_CARDS)
+ printk("tr_freedev: WARNING - didn't find dev.\n");
}

int register_trdev(struct device *dev)
@@ -711,7 +731,12 @@
if (dev->priv) memset(dev->priv, 0, sizeof_priv);
goto fcfound;
}
+ break; /* have found a non-initialised slot */
}
+ if (i>=MAX_FC_CARDS) {
+ printk("init_fcdev: FATAL - too many fc devs.\n");
+ return NULL;
+ }

alloc_size &= ~3; /* Round to dword boundary. */
dev = (struct device *)kmalloc(alloc_size, GFP_KERNEL);
@@ -747,6 +772,8 @@
break;
}
}
+ if (i>=MAX_FC_CARDS)
+ printk("fc_freedev: WARNING - didn't find dev.\n");
}


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/