diff options
| author | Christian Muck <christian.muck@bmw.de> | 2012-03-21 09:49:13 +0100 |
|---|---|---|
| committer | Christian Muck <christian.muck@bmw.de> | 2012-03-21 09:49:13 +0100 |
| commit | 3c10728ba6ebace39a88cf049a2e719c80e0ca41 (patch) | |
| tree | 1dee4776172db3f3ef618a03d3bcf2365c08b6fb | |
| parent | 5b6522ad518a6e565f3505b9b3f6ef7580754968 (diff) | |
| download | DLT-daemon-3c10728ba6ebace39a88cf049a2e719c80e0ca41.tar.gz | |
Fixed bug with comparinson between signed and unsigned integer and protection for a buffer overflow.
Signed-off-by: Christian Muck <christian.muck@bmw.de>
| -rwxr-xr-x | src/daemon/dlt-daemon.c | 16 | ||||
| -rwxr-xr-x | src/daemon/dlt_daemon_common.c | 10 | ||||
| -rwxr-xr-x | src/lib/dlt_user.c | 26 | ||||
| -rwxr-xr-x | src/shared/dlt_common.c | 17 | ||||
| -rw-r--r-- | src/shared/dlt_offline_trace.c | 2 | ||||
| -rwxr-xr-x | src/shared/dlt_user_shared.c | 4 |
6 files changed, 41 insertions, 34 deletions
diff --git a/src/daemon/dlt-daemon.c b/src/daemon/dlt-daemon.c index 4308171..c691162 100755 --- a/src/daemon/dlt-daemon.c +++ b/src/daemon/dlt-daemon.c @@ -1184,7 +1184,7 @@ int dlt_daemon_process_user_messages(DltDaemon *daemon, DltDaemonLocal *daemon_l /* look through buffer as long as data is in there */ do { - if (daemon_local->receiver.bytesRcvd < sizeof(DltUserHeader)) + if (daemon_local->receiver.bytesRcvd < (int32_t)sizeof(DltUserHeader)) { break; } @@ -1204,7 +1204,7 @@ int dlt_daemon_process_user_messages(DltDaemon *daemon, DltDaemonLocal *daemon_l offset++; } - while ((sizeof(DltUserHeader)+offset)<=daemon_local->receiver.bytesRcvd); + while ((int32_t)(sizeof(DltUserHeader)+offset)<=daemon_local->receiver.bytesRcvd); /* Check for user header pattern */ if (dlt_user_check_userheader(userheader)==0) @@ -1391,7 +1391,7 @@ int dlt_daemon_process_user_message_register_application(DltDaemon *daemon, DltD return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgRegisterApplication))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgRegisterApplication))) { /* Not enough bytes received */ return -1; @@ -1451,7 +1451,7 @@ int dlt_daemon_process_user_message_register_context(DltDaemon *daemon, DltDaemo return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgRegisterContext))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgRegisterContext))) { /* Not enough bytes received */ return -1; @@ -1623,7 +1623,7 @@ int dlt_daemon_process_user_message_unregister_application(DltDaemon *daemon, Dl return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterApplication))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterApplication))) { /* Not enough bytes received */ return -1; @@ -1691,7 +1691,7 @@ int dlt_daemon_process_user_message_unregister_context(DltDaemon *daemon, DltDae return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterContext))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterContext))) { /* Not enough bytes received */ return -1; @@ -2098,7 +2098,7 @@ int dlt_daemon_process_user_message_set_app_ll_ts(DltDaemon *daemon, DltDaemonLo return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgAppLogLevelTraceStatus ))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgAppLogLevelTraceStatus ))) { /* Not enough bytes receeived */ return -1; @@ -2164,7 +2164,7 @@ int dlt_daemon_process_user_message_log_mode(DltDaemon *daemon, DltDaemonLocal * return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterContext))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterContext))) { /* Not enough bytes received */ return -1; diff --git a/src/daemon/dlt_daemon_common.c b/src/daemon/dlt_daemon_common.c index 1de6aea..1c6b192 100755 --- a/src/daemon/dlt_daemon_common.c +++ b/src/daemon/dlt_daemon_common.c @@ -225,7 +225,7 @@ int dlt_daemon_free(DltDaemon *daemon,int verbose) int dlt_daemon_applications_clear(DltDaemon *daemon,int verbose) { - uint32_t i; + int i; PRINT_FUNCTION_VERBOSE(verbose); @@ -477,7 +477,7 @@ int dlt_daemon_applications_load(DltDaemon *daemon,const char *filename, int ver int dlt_daemon_applications_save(DltDaemon *daemon,const char *filename, int verbose) { FILE *fd; - uint32_t i; + int i; char apid[DLT_ID_SIZE+1]; /* DLT_ID_SIZE+1, because the 0-termination is required here */ @@ -800,7 +800,7 @@ int dlt_daemon_contexts_load(DltDaemon *daemon,const char *filename, int verbose int dlt_daemon_contexts_save(DltDaemon *daemon,const char *filename, int verbose) { FILE *fd; - uint32_t i; + int i; char apid[DLT_ID_SIZE+1], ctid[DLT_ID_SIZE+1]; /* DLT_ID_SIZE+1, because the 0-termination is required here */ @@ -1028,7 +1028,7 @@ int dlt_daemon_control_process_control(int sock, DltDaemon *daemon, DltMessage * return -1; } - if (msg->datasize<sizeof(uint32_t)) + if (msg->datasize < (int32_t)sizeof(uint32_t)) { return -1; } @@ -1402,7 +1402,7 @@ void dlt_daemon_control_set_default_log_level(int sock, DltDaemon *daemon, DltMe req = (DltServiceSetDefaultLogLevel*) (msg->databuffer); /* No endianess conversion necessary */ - if ((req->log_level>=0) && + if (/*(req->log_level>=0) &&*/ (req->log_level<=DLT_LOG_VERBOSE)) { daemon->default_log_level = req->log_level; /* No endianess conversion necessary */ diff --git a/src/lib/dlt_user.c b/src/lib/dlt_user.c index 5de8561..dc65cab 100755 --- a/src/lib/dlt_user.c +++ b/src/lib/dlt_user.c @@ -377,7 +377,7 @@ int dlt_user_atexit_blow_out_user_buffer(void){ int dlt_free(void) { - int i; + uint32_t i; char filename[DLT_USER_MAX_FILENAME_LENGTH]; if (dlt_user_initialised==0) @@ -525,7 +525,7 @@ int dlt_register_context(DltContext *handle, const char *contextid, const char * int dlt_register_context_ll_ts(DltContext *handle, const char *contextid, const char * description, int loglevel, int tracestatus) { DltContextData log; - int i; + uint32_t i; int registered,ret; char ctid[DLT_ID_SIZE+1]; @@ -811,7 +811,7 @@ int dlt_unregister_context(DltContext *handle) int dlt_set_application_ll_ts_limit(DltLogLevelType loglevel, DltTraceStatusType tracestatus) { - int i; + uint32_t i; int ret; if (dlt_user_initialised==0) @@ -1619,7 +1619,7 @@ int dlt_register_injection_callback(DltContext *handle, uint32_t service_id, int (*dlt_injection_callback)(uint32_t service_id, void *data, uint32_t length)) { DltContextData log; - int i,j,k; + uint32_t i,j,k; int found = 0; DltUserInjectionCallback *old; @@ -2600,7 +2600,7 @@ int dlt_user_log_check_user_message(void) int offset=0; int leave_while=0; - int i; + uint32_t i; DltUserHeader *userheader; DltReceiver *receiver = &(dlt_user.receiver); @@ -2624,7 +2624,7 @@ int dlt_user_log_check_user_message(void) /* look through buffer as long as data is in there */ while (1) { - if (receiver->bytesRcvd < sizeof(DltUserHeader)) + if (receiver->bytesRcvd < (int32_t)sizeof(DltUserHeader)) { break; } @@ -2643,7 +2643,7 @@ int dlt_user_log_check_user_message(void) offset++; } - while ((sizeof(DltUserHeader)+offset)<=receiver->bytesRcvd); + while ((int32_t)(sizeof(DltUserHeader)+offset)<=receiver->bytesRcvd); /* Check for user header pattern */ if (dlt_user_check_userheader(userheader)==0) @@ -2662,7 +2662,7 @@ int dlt_user_log_check_user_message(void) { case DLT_USER_MESSAGE_LOG_LEVEL: { - if (receiver->bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgLogLevel))) + if (receiver->bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgLogLevel))) { leave_while=1; break; @@ -2675,7 +2675,7 @@ int dlt_user_log_check_user_message(void) { DLT_SEM_LOCK(); - if ((usercontextll->log_level_pos>=0) && (usercontextll->log_level_pos<dlt_user.dlt_ll_ts_num_entries)) + if ((usercontextll->log_level_pos >= 0) && (usercontextll->log_level_pos < (int32_t)dlt_user.dlt_ll_ts_num_entries)) { // printf("Store ll, ts\n"); if (dlt_user.dlt_ll_ts) @@ -2698,7 +2698,7 @@ int dlt_user_log_check_user_message(void) case DLT_USER_MESSAGE_INJECTION: { /* At least, user header, user context, and service id and data_length of injected message is available */ - if (receiver->bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgInjection))) + if (receiver->bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgInjection))) { leave_while = 1; break; @@ -2711,7 +2711,7 @@ int dlt_user_log_check_user_message(void) if (userbuffer!=0) { - if (receiver->bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgInjection)+usercontextinj->data_length_inject)) + if (receiver->bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgInjection)+usercontextinj->data_length_inject)) { leave_while = 1; break; @@ -2767,7 +2767,7 @@ int dlt_user_log_check_user_message(void) case DLT_USER_MESSAGE_LOG_STATE: { /* At least, user header, user context, and service id and data_length of injected message is available */ - if (receiver->bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgLogState))) + if (receiver->bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgLogState))) { leave_while = 1; break; @@ -2875,7 +2875,7 @@ int dlt_user_log_resend_buffer(void) void dlt_user_log_reattach_to_daemon(void) { - int num,reregistered=0; + uint32_t num,reregistered=0; DltContext handle; DltContextData log_new; diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c index 033ea1f..2f517bc 100755 --- a/src/shared/dlt_common.c +++ b/src/shared/dlt_common.c @@ -2203,6 +2203,13 @@ int dlt_receiver_remove(DltReceiver *receiver,int size) return -1; } + if (size>receiver->bytesRcvd) + { + receiver->buf = receiver->buf + receiver->bytesRcvd; + receiver->bytesRcvd=0; + return -1; + } + receiver->bytesRcvd = receiver->bytesRcvd - size; receiver->buf = receiver->buf + size; @@ -2400,7 +2407,7 @@ int dlt_buffer_free_dynamic(DltBuffer *buf) void dlt_buffer_write_block(DltBuffer *buf,int *write, const unsigned char *data,unsigned int size) { - if((*write+size) <= buf->size) { + if((int)(*write+size) <= buf->size) { // write one block memcpy(buf->mem+*write,data,size); *write += size; @@ -2415,7 +2422,7 @@ void dlt_buffer_write_block(DltBuffer *buf,int *write, const unsigned char *data void dlt_buffer_read_block(DltBuffer *buf,int *read,unsigned char *data,unsigned int size) { - if((*read+size) <= buf->size) { + if((int)(*read+size) <= buf->size) { // read one block memcpy(data,buf->mem+*read,size); *read += size; @@ -2577,7 +2584,7 @@ int dlt_buffer_push3(DltBuffer *buf,const unsigned char *data1,unsigned int size free_size = buf->size - write + read; // check size - if(free_size < (sizeof(DltBufferBlockHead)+size1+size2+size3)) { + if(free_size < (int)(sizeof(DltBufferBlockHead)+size1+size2+size3)) { // try to increase size if possible if(dlt_buffer_increase_size(buf)) { /* increase size is not possible */ @@ -2651,7 +2658,7 @@ int dlt_buffer_get(DltBuffer *buf,unsigned char *data, int max_size,int delete) used_size = buf->size - read + write; // first check size - if(used_size < (sizeof(DltBufferBlockHead))) { + if(used_size < (int)(sizeof(DltBufferBlockHead))) { dlt_log(LOG_ERR,"Buffer: Size check 1 failed\n"); dlt_buffer_reset(buf); return -1; // ERROR @@ -2675,7 +2682,7 @@ int dlt_buffer_get(DltBuffer *buf,unsigned char *data, int max_size,int delete) } // second check size - if(used_size < (sizeof(DltBufferBlockHead)+head.size)) { + if(used_size < (int)(sizeof(DltBufferBlockHead)+head.size)) { dlt_log(LOG_ERR,"Buffer: Size check 2 failed\n"); dlt_buffer_reset(buf); return -1; // ERROR diff --git a/src/shared/dlt_offline_trace.c b/src/shared/dlt_offline_trace.c index 5f7f5b5..5d4c76a 100644 --- a/src/shared/dlt_offline_trace.c +++ b/src/shared/dlt_offline_trace.c @@ -169,7 +169,7 @@ int dlt_offline_trace_delete_oldest_file(DltOfflineTrace *trace) { int dlt_offline_trace_check_size(DltOfflineTrace *trace) { /* check size of complete offline trace */ - while(dlt_offline_trace_get_total_size(trace) > (trace->maxSize-trace->fileSize)) + while((int)dlt_offline_trace_get_total_size(trace) > (trace->maxSize-trace->fileSize)) { /* remove oldest files as long as new file will not fit in completely into complete offline trace */ if(dlt_offline_trace_delete_oldest_file(trace)<0) { diff --git a/src/shared/dlt_user_shared.c b/src/shared/dlt_user_shared.c index 5afc828..e743dfc 100755 --- a/src/shared/dlt_user_shared.c +++ b/src/shared/dlt_user_shared.c @@ -125,7 +125,7 @@ int dlt_user_check_userheader(DltUserHeader *userheader) DltReturnValue dlt_user_log_out2(int handle, void *ptr1, size_t len1, void* ptr2, size_t len2) { struct iovec iov[2]; - int bytes_written; + uint32_t bytes_written; if (handle<=0) { @@ -151,7 +151,7 @@ DltReturnValue dlt_user_log_out2(int handle, void *ptr1, size_t len1, void* ptr2 DltReturnValue dlt_user_log_out3(int handle, void *ptr1, size_t len1, void* ptr2, size_t len2, void *ptr3, size_t len3) { struct iovec iov[3]; - int bytes_written; + uint32_t bytes_written; if (handle<=0) { |