aboutsummaryrefslogtreecommitdiff
path: root/net/irda/ircomm/ircomm_core.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/irda/ircomm/ircomm_core.c')
-rw-r--r--net/irda/ircomm/ircomm_core.c77
1 files changed, 42 insertions, 35 deletions
diff --git a/net/irda/ircomm/ircomm_core.c b/net/irda/ircomm/ircomm_core.c
index 2d63fa8e155..4490a675b1b 100644
--- a/net/irda/ircomm/ircomm_core.c
+++ b/net/irda/ircomm/ircomm_core.c
@@ -23,9 +23,7 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- * MA 02111-1307 USA
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
*
********************************************************************/
@@ -33,6 +31,7 @@
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/init.h>
+#include <linux/slab.h>
#include <net/irda/irda.h>
#include <net/irda/irmod.h>
@@ -70,15 +69,17 @@ static int __init ircomm_init(void)
{
ircomm = hashbin_new(HB_LOCK);
if (ircomm == NULL) {
- IRDA_ERROR("%s(), can't allocate hashbin!\n", __FUNCTION__);
+ IRDA_ERROR("%s(), can't allocate hashbin!\n", __func__);
return -ENOMEM;
}
#ifdef CONFIG_PROC_FS
{ struct proc_dir_entry *ent;
- ent = create_proc_entry("ircomm", 0, proc_irda);
- if (ent)
- ent->proc_fops = &ircomm_proc_fops;
+ ent = proc_create("ircomm", 0, proc_irda, &ircomm_proc_fops);
+ if (!ent) {
+ printk(KERN_ERR "ircomm_init: can't create /proc entry!\n");
+ return -ENODEV;
+ }
}
#endif /* CONFIG_PROC_FS */
@@ -89,7 +90,7 @@ static int __init ircomm_init(void)
static void __exit ircomm_cleanup(void)
{
- IRDA_DEBUG(2, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(2, "%s()\n", __func__ );
hashbin_delete(ircomm, (FREE_FUNC) __ircomm_close);
@@ -109,12 +110,12 @@ struct ircomm_cb *ircomm_open(notify_t *notify, __u8 service_type, int line)
struct ircomm_cb *self = NULL;
int ret;
- IRDA_DEBUG(2, "%s(), service_type=0x%02x\n", __FUNCTION__ ,
+ IRDA_DEBUG(2, "%s(), service_type=0x%02x\n", __func__ ,
service_type);
IRDA_ASSERT(ircomm != NULL, return NULL;);
- self = kzalloc(sizeof(struct ircomm_cb), GFP_ATOMIC);
+ self = kzalloc(sizeof(struct ircomm_cb), GFP_KERNEL);
if (self == NULL)
return NULL;
@@ -153,7 +154,7 @@ EXPORT_SYMBOL(ircomm_open);
*/
static int __ircomm_close(struct ircomm_cb *self)
{
- IRDA_DEBUG(2, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(2, "%s()\n", __func__ );
/* Disconnect link if any */
ircomm_do_event(self, IRCOMM_DISCONNECT_REQUEST, NULL, NULL);
@@ -189,7 +190,7 @@ int ircomm_close(struct ircomm_cb *self)
IRDA_ASSERT(self != NULL, return -EIO;);
IRDA_ASSERT(self->magic == IRCOMM_MAGIC, return -EIO;);
- IRDA_DEBUG(0, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(0, "%s()\n", __func__ );
entry = hashbin_remove(ircomm, self->line, NULL);
@@ -214,7 +215,7 @@ int ircomm_connect_request(struct ircomm_cb *self, __u8 dlsap_sel,
struct ircomm_info info;
int ret;
- IRDA_DEBUG(2 , "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(2 , "%s()\n", __func__ );
IRDA_ASSERT(self != NULL, return -1;);
IRDA_ASSERT(self->magic == IRCOMM_MAGIC, return -1;);
@@ -241,13 +242,7 @@ EXPORT_SYMBOL(ircomm_connect_request);
void ircomm_connect_indication(struct ircomm_cb *self, struct sk_buff *skb,
struct ircomm_info *info)
{
- int clen = 0;
-
- IRDA_DEBUG(2, "%s()\n", __FUNCTION__ );
-
- /* Check if the packet contains data on the control channel */
- if (skb->len > 0)
- clen = skb->data[0];
+ IRDA_DEBUG(2, "%s()\n", __func__ );
/*
* If there are any data hiding in the control channel, we must
@@ -259,7 +254,7 @@ void ircomm_connect_indication(struct ircomm_cb *self, struct sk_buff *skb,
info->qos, info->max_data_size,
info->max_header_size, skb);
else {
- IRDA_DEBUG(0, "%s(), missing handler\n", __FUNCTION__ );
+ IRDA_DEBUG(0, "%s(), missing handler\n", __func__ );
}
}
@@ -276,7 +271,7 @@ int ircomm_connect_response(struct ircomm_cb *self, struct sk_buff *userdata)
IRDA_ASSERT(self != NULL, return -1;);
IRDA_ASSERT(self->magic == IRCOMM_MAGIC, return -1;);
- IRDA_DEBUG(4, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(4, "%s()\n", __func__ );
ret = ircomm_do_event(self, IRCOMM_CONNECT_RESPONSE, userdata, NULL);
@@ -294,7 +289,7 @@ EXPORT_SYMBOL(ircomm_connect_response);
void ircomm_connect_confirm(struct ircomm_cb *self, struct sk_buff *skb,
struct ircomm_info *info)
{
- IRDA_DEBUG(4, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(4, "%s()\n", __func__ );
if (self->notify.connect_confirm )
self->notify.connect_confirm(self->notify.instance,
@@ -302,7 +297,7 @@ void ircomm_connect_confirm(struct ircomm_cb *self, struct sk_buff *skb,
info->max_data_size,
info->max_header_size, skb);
else {
- IRDA_DEBUG(0, "%s(), missing handler\n", __FUNCTION__ );
+ IRDA_DEBUG(0, "%s(), missing handler\n", __func__ );
}
}
@@ -316,7 +311,7 @@ int ircomm_data_request(struct ircomm_cb *self, struct sk_buff *skb)
{
int ret;
- IRDA_DEBUG(4, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(4, "%s()\n", __func__ );
IRDA_ASSERT(self != NULL, return -EFAULT;);
IRDA_ASSERT(self->magic == IRCOMM_MAGIC, return -EFAULT;);
@@ -337,14 +332,14 @@ EXPORT_SYMBOL(ircomm_data_request);
*/
void ircomm_data_indication(struct ircomm_cb *self, struct sk_buff *skb)
{
- IRDA_DEBUG(4, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(4, "%s()\n", __func__ );
IRDA_ASSERT(skb->len > 0, return;);
if (self->notify.data_indication)
self->notify.data_indication(self->notify.instance, self, skb);
else {
- IRDA_DEBUG(0, "%s(), missing handler\n", __FUNCTION__ );
+ IRDA_DEBUG(0, "%s(), missing handler\n", __func__ );
}
}
@@ -363,6 +358,18 @@ void ircomm_process_data(struct ircomm_cb *self, struct sk_buff *skb)
clen = skb->data[0];
/*
+ * Input validation check: a stir4200/mcp2150 combinations sometimes
+ * results in frames with clen > remaining packet size. These are
+ * illegal; if we throw away just this frame then it seems to carry on
+ * fine
+ */
+ if (unlikely(skb->len < (clen + 1))) {
+ IRDA_DEBUG(2, "%s() throwing away illegal frame\n",
+ __func__ );
+ return;
+ }
+
+ /*
* If there are any data hiding in the control channel, we must
* deliver it first. The side effect is that the control channel
* will be removed from the skb
@@ -377,7 +384,7 @@ void ircomm_process_data(struct ircomm_cb *self, struct sk_buff *skb)
ircomm_data_indication(self, skb);
else {
IRDA_DEBUG(4, "%s(), data was control info only!\n",
- __FUNCTION__ );
+ __func__ );
}
}
@@ -391,7 +398,7 @@ int ircomm_control_request(struct ircomm_cb *self, struct sk_buff *skb)
{
int ret;
- IRDA_DEBUG(2, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(2, "%s()\n", __func__ );
IRDA_ASSERT(self != NULL, return -EFAULT;);
IRDA_ASSERT(self->magic == IRCOMM_MAGIC, return -EFAULT;);
@@ -413,7 +420,7 @@ EXPORT_SYMBOL(ircomm_control_request);
static void ircomm_control_indication(struct ircomm_cb *self,
struct sk_buff *skb, int clen)
{
- IRDA_DEBUG(2, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(2, "%s()\n", __func__ );
/* Use udata for delivering data on the control channel */
if (self->notify.udata_indication) {
@@ -434,7 +441,7 @@ static void ircomm_control_indication(struct ircomm_cb *self,
* see ircomm_tty_control_indication(). */
dev_kfree_skb(ctrl_skb);
} else {
- IRDA_DEBUG(0, "%s(), missing handler\n", __FUNCTION__ );
+ IRDA_DEBUG(0, "%s(), missing handler\n", __func__ );
}
}
@@ -449,7 +456,7 @@ int ircomm_disconnect_request(struct ircomm_cb *self, struct sk_buff *userdata)
struct ircomm_info info;
int ret;
- IRDA_DEBUG(2, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(2, "%s()\n", __func__ );
IRDA_ASSERT(self != NULL, return -1;);
IRDA_ASSERT(self->magic == IRCOMM_MAGIC, return -1;);
@@ -470,7 +477,7 @@ EXPORT_SYMBOL(ircomm_disconnect_request);
void ircomm_disconnect_indication(struct ircomm_cb *self, struct sk_buff *skb,
struct ircomm_info *info)
{
- IRDA_DEBUG(2, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(2, "%s()\n", __func__ );
IRDA_ASSERT(info != NULL, return;);
@@ -478,7 +485,7 @@ void ircomm_disconnect_indication(struct ircomm_cb *self, struct sk_buff *skb,
self->notify.disconnect_indication(self->notify.instance, self,
info->reason, skb);
} else {
- IRDA_DEBUG(0, "%s(), missing handler\n", __FUNCTION__ );
+ IRDA_DEBUG(0, "%s(), missing handler\n", __func__ );
}
}
@@ -490,7 +497,7 @@ void ircomm_disconnect_indication(struct ircomm_cb *self, struct sk_buff *skb,
*/
void ircomm_flow_request(struct ircomm_cb *self, LOCAL_FLOW flow)
{
- IRDA_DEBUG(2, "%s()\n", __FUNCTION__ );
+ IRDA_DEBUG(2, "%s()\n", __func__ );
IRDA_ASSERT(self != NULL, return;);
IRDA_ASSERT(self->magic == IRCOMM_MAGIC, return;);
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-12-07 23:59:47 +0000