From 3c10728ba6ebace39a88cf049a2e719c80e0ca41 Mon Sep 17 00:00:00 2001 From: Christian Muck Date: Wed, 21 Mar 2012 09:49:13 +0100 Subject: Fixed bug with comparinson between signed and unsigned integer and protection for a buffer overflow. Signed-off-by: Christian Muck --- src/daemon/dlt-daemon.c | 16 ++++++++-------- src/daemon/dlt_daemon_common.c | 10 +++++----- src/lib/dlt_user.c | 26 +++++++++++++------------- src/shared/dlt_common.c | 17 ++++++++++++----- src/shared/dlt_offline_trace.c | 2 +- src/shared/dlt_user_shared.c | 4 ++-- 6 files changed, 41 insertions(+), 34 deletions(-)
diff --git a/src/daemon/dlt-daemon.c b/src/daemon/dlt-daemon.c
index 4308171..c691162 100755
--- a/src/daemon/dlt-daemon.c
+++ b/src/daemon/dlt-daemon.c
@@ -1184,7 +1184,7 @@ int dlt_daemon_process_user_messages(DltDaemon *daemon, DltDaemonLocal *daemon_l /* look through buffer as long as data is in there */ do { - if (daemon_local->receiver.bytesRcvd < sizeof(DltUserHeader)) + if (daemon_local->receiver.bytesRcvd < (int32_t)sizeof(DltUserHeader)) { break; }
@@ -1204,7 +1204,7 @@ int dlt_daemon_process_user_messages(DltDaemon *daemon, DltDaemonLocal *daemon_l offset++; } - while ((sizeof(DltUserHeader)+offset)<=daemon_local->receiver.bytesRcvd); + while ((int32_t)(sizeof(DltUserHeader)+offset)<=daemon_local->receiver.bytesRcvd); /* Check for user header pattern */ if (dlt_user_check_userheader(userheader)==0)
@@ -1391,7 +1391,7 @@ int dlt_daemon_process_user_message_register_application(DltDaemon *daemon, DltD return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgRegisterApplication))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgRegisterApplication))) { /* Not enough bytes received */ return -1;
@@ -1451,7 +1451,7 @@ int dlt_daemon_process_user_message_register_context(DltDaemon *daemon, DltDaemo return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgRegisterContext))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgRegisterContext))) { /* Not enough bytes received */ return -1;
@@ -1623,7 +1623,7 @@ int dlt_daemon_process_user_message_unregister_application(DltDaemon *daemon, Dl return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterApplication))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterApplication))) { /* Not enough bytes received */ return -1;
@@ -1691,7 +1691,7 @@ int dlt_daemon_process_user_message_unregister_context(DltDaemon *daemon, DltDae return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterContext))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterContext))) { /* Not enough bytes received */ return -1;
@@ -2098,7 +2098,7 @@ int dlt_daemon_process_user_message_set_app_ll_ts(DltDaemon *daemon, DltDaemonLo return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgAppLogLevelTraceStatus ))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgAppLogLevelTraceStatus ))) { /* Not enough bytes receeived */ return -1;
@@ -2164,7 +2164,7 @@ int dlt_daemon_process_user_message_log_mode(DltDaemon *daemon, DltDaemonLocal * return -1; } - if (daemon_local->receiver.bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterContext))) + if (daemon_local->receiver.bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgUnregisterContext))) { /* Not enough bytes received */ return -1;
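Review bot: In dlt_daemon_process_user_message_log_mode (the last hunk on this line) the length check still adds `sizeof(DltUserControlMsgUnregisterContext)`, the same struct the unregister_context check uses, so the cast carries forward what looks like a copy-paste leftover. If the log-mode message has its own struct, which this hunk does not show, the minimum length is computed from the wrong type and the code after the check may read a message body the receiver has not fully delivered. I would size the check from the struct this function actually casts the payload to, e.g. `(int32_t)(sizeof(DltUserHeader)+sizeof(*usercontext))`, where `usercontext` is a placeholder for the local pointer declared outside the hunk. The function body starts and ends outside the hunk.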
diff --git a/src/daemon/dlt_daemon_common.c b/src/daemon/dlt_daemon_common.c
index 1de6aea..1c6b192 100755
--- a/src/daemon/dlt_daemon_common.c
+++ b/src/daemon/dlt_daemon_common.c
@@ -225,7 +225,7 @@ int dlt_daemon_free(DltDaemon *daemon,int verbose) int dlt_daemon_applications_clear(DltDaemon *daemon,int verbose) { - uint32_t i; + int i; PRINT_FUNCTION_VERBOSE(verbose);
@@ -477,7 +477,7 @@ int dlt_daemon_applications_load(DltDaemon *daemon,const char *filename, int ver int dlt_daemon_applications_save(DltDaemon *daemon,const char *filename, int verbose) { FILE *fd; - uint32_t i; + int i; char apid[DLT_ID_SIZE+1]; /* DLT_ID_SIZE+1, because the 0-termination is required here */
@@ -800,7 +800,7 @@ int dlt_daemon_contexts_load(DltDaemon *daemon,const char *filename, int verbose int dlt_daemon_contexts_save(DltDaemon *daemon,const char *filename, int verbose) { FILE *fd; - uint32_t i; + int i; char apid[DLT_ID_SIZE+1], ctid[DLT_ID_SIZE+1]; /* DLT_ID_SIZE+1, because the 0-termination is required here */
@@ -1028,7 +1028,7 @@ int dlt_daemon_control_process_control(int sock, DltDaemon *daemon, DltMessage * return -1; } - if (msg->datasizedatasize < (int32_t)sizeof(uint32_t)) { return -1; }
@@ -1402,7 +1402,7 @@ void dlt_daemon_control_set_default_log_level(int sock, DltDaemon *daemon, DltMe req = (DltServiceSetDefaultLogLevel*) (msg->databuffer); /* No endianess conversion necessary */ - if ((req->log_level>=0) && + if (/*(req->log_level>=0) &&*/ (req->log_level<=DLT_LOG_VERBOSE)) { daemon->default_log_level = req->log_level; /* No endianess conversion necessary */
diff --git a/src/lib/dlt_user.c b/src/lib/dlt_user.c
index 5de8561..dc65cab 100755
--- a/src/lib/dlt_user.c
+++ b/src/lib/dlt_user.c
@@ -377,7 +377,7 @@ int dlt_user_atexit_blow_out_user_buffer(void){ int dlt_free(void) { - int i; + uint32_t i; char filename[DLT_USER_MAX_FILENAME_LENGTH]; if (dlt_user_initialised==0)
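Review bot: In dlt_daemon_control_set_default_log_level the lower bound is switched off by commenting it out inside the condition, `if (/*(req->log_level>=0) &&*/ (req->log_level<=DLT_LOG_VERBOSE))`, which leaves dead code in the test and no reason for the next reader. If `log_level` is an unsigned field (its declaration is not in the hunk) the comparison was always true and can simply be deleted, leaving `if (req->log_level<=DLT_LOG_VERBOSE)` with a comment such as `/* log_level is unsigned: only the upper bound can fail */`. If the field is signed, the lower bound is still needed, because the value is read straight from the request buffer and stored in `daemon->default_log_level`.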
@@ -525,7 +525,7 @@ int dlt_register_context(DltContext *handle, const char *contextid, const char * int dlt_register_context_ll_ts(DltContext *handle, const char *contextid, const char * description, int loglevel, int tracestatus) { DltContextData log; - int i; + uint32_t i; int registered,ret; char ctid[DLT_ID_SIZE+1];
@@ -811,7 +811,7 @@ int dlt_unregister_context(DltContext *handle) int dlt_set_application_ll_ts_limit(DltLogLevelType loglevel, DltTraceStatusType tracestatus) { - int i; + uint32_t i; int ret; if (dlt_user_initialised==0)
@@ -1619,7 +1619,7 @@ int dlt_register_injection_callback(DltContext *handle, uint32_t service_id, int (*dlt_injection_callback)(uint32_t service_id, void *data, uint32_t length)) { DltContextData log; - int i,j,k; + uint32_t i,j,k; int found = 0; DltUserInjectionCallback *old;
@@ -2600,7 +2600,7 @@ int dlt_user_log_check_user_message(void) int offset=0; int leave_while=0; - int i; + uint32_t i; DltUserHeader *userheader; DltReceiver *receiver = &(dlt_user.receiver);
@@ -2624,7 +2624,7 @@ int dlt_user_log_check_user_message(void) /* look through buffer as long as data is in there */ while (1) { - if (receiver->bytesRcvd < sizeof(DltUserHeader)) + if (receiver->bytesRcvd < (int32_t)sizeof(DltUserHeader)) { break; }
@@ -2643,7 +2643,7 @@ int dlt_user_log_check_user_message(void) offset++; } - while ((sizeof(DltUserHeader)+offset)<=receiver->bytesRcvd); + while ((int32_t)(sizeof(DltUserHeader)+offset)<=receiver->bytesRcvd); /* Check for user header pattern */ if (dlt_user_check_userheader(userheader)==0)
@@ -2662,7 +2662,7 @@ int dlt_user_log_check_user_message(void) { case DLT_USER_MESSAGE_LOG_LEVEL: { - if (receiver->bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgLogLevel))) + if (receiver->bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgLogLevel))) { leave_while=1; break;
@@ -2675,7 +2675,7 @@ int dlt_user_log_check_user_message(void) { DLT_SEM_LOCK(); - if ((usercontextll->log_level_pos>=0) && (usercontextll->log_level_poslog_level_pos >= 0) && (usercontextll->log_level_pos < (int32_t)dlt_user.dlt_ll_ts_num_entries)) { // printf("Store ll, ts\n"); if (dlt_user.dlt_ll_ts)
@@ -2698,7 +2698,7 @@ int dlt_user_log_check_user_message(void) case DLT_USER_MESSAGE_INJECTION: { /* At least, user header, user context, and service id and data_length of injected message is available */ - if (receiver->bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgInjection))) + if (receiver->bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgInjection))) { leave_while = 1; break;
@@ -2711,7 +2711,7 @@ int dlt_user_log_check_user_message(void) if (userbuffer!=0) { - if (receiver->bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgInjection)+usercontextinj->data_length_inject)) + if (receiver->bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgInjection)+usercontextinj->data_length_inject)) { leave_while = 1; break;
@@ -2767,7 +2767,7 @@ int dlt_user_log_check_user_message(void) case DLT_USER_MESSAGE_LOG_STATE: { /* At least, user header, user context, and service id and data_length of injected message is available */ - if (receiver->bytesRcvd < (sizeof(DltUserHeader)+sizeof(DltUserControlMsgLogState))) + if (receiver->bytesRcvd < (int32_t)(sizeof(DltUserHeader)+sizeof(DltUserControlMsgLogState))) { leave_while = 1; break;
@@ -2875,7 +2875,7 @@ int dlt_user_log_resend_buffer(void) void dlt_user_log_reattach_to_daemon(void) { - int num,reregistered=0; + uint32_t num,reregistered=0; DltContext handle; DltContextData log_new;
diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
index 033ea1f..2f517bc 100755
--- a/src/shared/dlt_common.c
+++ b/src/shared/dlt_common.c
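Review bot: The injection length check in dlt_user_log_check_user_message (hunk at -2711) now casts the whole sum, including the received `usercontextinj->data_length_inject`, to `int32_t`; a large length wraps to a negative number, `receiver->bytesRcvd < negative` is false, and the code continues as if the full payload had arrived. Before the cast the comparison was unsigned and such a length failed the check, so on this line the warning fix weakens the bound (assuming `data_length_inject` is an unsigned 32-bit field; its declaration is not in the hunk). Keep the sum unsigned and reject a negative count separately: `if (receiver->bytesRcvd < 0 || (size_t)receiver->bytesRcvd < sizeof(DltUserHeader)+sizeof(DltUserControlMsgInjection)+usercontextinj->data_length_inject)`. The same cast-the-sum pattern is applied to caller- or buffer-supplied sizes in src/shared/dlt_common.c: `(int)(*write+size)` in dlt_buffer_write_block and `(int)(*read+size)` in dlt_buffer_read_block, where the check sits directly in front of `memcpy`, plus the `size1+size2+size3` check in dlt_buffer_push3 and the `head.size` check in dlt_buffer_get.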
@@ -2203,6 +2203,13 @@ int dlt_receiver_remove(DltReceiver *receiver,int size) return -1; } + if (size>receiver->bytesRcvd) + { + receiver->buf = receiver->buf + receiver->bytesRcvd; + receiver->bytesRcvd=0; + return -1; + } + receiver->bytesRcvd = receiver->bytesRcvd - size; receiver->buf = receiver->buf + size;
@@ -2400,7 +2407,7 @@ int dlt_buffer_free_dynamic(DltBuffer *buf) void dlt_buffer_write_block(DltBuffer *buf,int *write, const unsigned char *data,unsigned int size) { - if((*write+size) <= buf->size) { + if((int)(*write+size) <= buf->size) { // write one block memcpy(buf->mem+*write,data,size); *write += size;
@@ -2415,7 +2422,7 @@ void dlt_buffer_write_block(DltBuffer *buf,int *write, const unsigned char *data void dlt_buffer_read_block(DltBuffer *buf,int *read,unsigned char *data,unsigned int size) { - if((*read+size) <= buf->size) { + if((int)(*read+size) <= buf->size) { // read one block memcpy(data,buf->mem+*read,size); *read += size;
@@ -2577,7 +2584,7 @@ int dlt_buffer_push3(DltBuffer *buf,const unsigned char *data1,unsigned int size free_size = buf->size - write + read; // check size - if(free_size < (sizeof(DltBufferBlockHead)+size1+size2+size3)) { + if(free_size < (int)(sizeof(DltBufferBlockHead)+size1+size2+size3)) { // try to increase size if possible if(dlt_buffer_increase_size(buf)) { /* increase size is not possible */
@@ -2651,7 +2658,7 @@ int dlt_buffer_get(DltBuffer *buf,unsigned char *data, int max_size,int delete) used_size = buf->size - read + write; // first check size - if(used_size < (sizeof(DltBufferBlockHead))) { + if(used_size < (int)(sizeof(DltBufferBlockHead))) { dlt_log(LOG_ERR,"Buffer: Size check 1 failed\n"); dlt_buffer_reset(buf); return -1; // ERROR
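Review bot: The guard added to dlt_receiver_remove rejects only a `size` greater than `bytesRcvd`; `size` is an `int`, and a negative value passes `size>receiver->bytesRcvd`, then increases `bytesRcvd` and moves `buf` backwards in the two context lines that follow. The check just above the hunk is cut off, so it may already cover this case; if it does not, make the new test `if (size < 0 || size > receiver->bytesRcvd)`. The error path also consumes everything still buffered before returning -1, which deserves a comment so callers know the receiver is empty after a failure, e.g. `/* size exceeds buffered data: consume what is left and report the error */`.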
@@ -2675,7 +2682,7 @@ int dlt_buffer_get(DltBuffer *buf,unsigned char *data, int max_size,int delete) } // second check size - if(used_size < (sizeof(DltBufferBlockHead)+head.size)) { + if(used_size < (int)(sizeof(DltBufferBlockHead)+head.size)) { dlt_log(LOG_ERR,"Buffer: Size check 2 failed\n"); dlt_buffer_reset(buf); return -1; // ERROR
diff --git a/src/shared/dlt_offline_trace.c b/src/shared/dlt_offline_trace.c
index 5f7f5b5..5d4c76a 100644
--- a/src/shared/dlt_offline_trace.c
+++ b/src/shared/dlt_offline_trace.c
@@ -169,7 +169,7 @@ int dlt_offline_trace_delete_oldest_file(DltOfflineTrace *trace) { int dlt_offline_trace_check_size(DltOfflineTrace *trace) { /* check size of complete offline trace */ - while(dlt_offline_trace_get_total_size(trace) > (trace->maxSize-trace->fileSize)) + while((int)dlt_offline_trace_get_total_size(trace) > (trace->maxSize-trace->fileSize)) { /* remove oldest files as long as new file will not fit in completely into complete offline trace */ if(dlt_offline_trace_delete_oldest_file(trace)<0) {
diff --git a/src/shared/dlt_user_shared.c b/src/shared/dlt_user_shared.c
index 5afc828..e743dfc 100755
--- a/src/shared/dlt_user_shared.c
+++ b/src/shared/dlt_user_shared.c
@@ -125,7 +125,7 @@ int dlt_user_check_userheader(DltUserHeader *userheader) DltReturnValue dlt_user_log_out2(int handle, void *ptr1, size_t len1, void* ptr2, size_t len2) { struct iovec iov[2]; - int bytes_written; + uint32_t bytes_written; if (handle<=0) {
@@ -151,7 +151,7 @@ DltReturnValue dlt_user_log_out2(int handle, void *ptr1, size_t len1, void* ptr2 DltReturnValue dlt_user_log_out3(int handle, void *ptr1, size_t len1, void* ptr2, size_t len2, void *ptr3, size_t len3) { struct iovec iov[3]; - int bytes_written; + uint32_t bytes_written; if (handle<=0) { -- cgit v1.2.1 From 70561b811ecd788cfcbd00d7045e23f0de358a97 Mon Sep 17 00:00:00 2001
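Review bot: `bytes_written` becomes `uint32_t` in dlt_user_log_out2 and dlt_user_log_out3, but the assignment is outside both hunks; if, as the `struct iovec` arrays suggest, it receives the result of `writev()`, that call returns `ssize_t` and reports failure as -1, which an unsigned variable stores as a large positive count. Declaring it `ssize_t bytes_written;` and testing `bytes_written < 0` before comparing `(size_t)bytes_written` with the requested length keeps the error case distinct from a short write and still removes the signed/unsigned comparison.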
From: Christian Muck Date: Wed, 21 Mar 2012 09:50:11 +0100 Subject: [GENDLT-21] Fixed bug: Message Counter (MCNT) should be increased but is always 0 Signed-off-by: Christian Muck --- include/dlt/dlt_user.h | 4 ++-- src/lib/dlt_user.c | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/include/dlt/dlt_user.h b/include/dlt/dlt_user.h
index ac889c7..edfeef2 100755
--- a/include/dlt/dlt_user.h
+++ b/include/dlt/dlt_user.h
@@ -173,7 +173,8 @@ typedef enum typedef struct { char contextID[4]; /**< context id */ - int32_t log_level_pos; /**< offset in user-application context field */ + int32_t log_level_pos; /**< offset in user-application context field */ + uint8_t mcnt; /**< message counter */ } DltContext; /**
@@ -187,7 +188,6 @@ typedef struct int32_t log_level; /**< log level */ int32_t trace_status; /**< trace status */ int32_t args_num; /**< number of arguments for extended header*/ - uint8_t mcnt; /**< message counter */ char* context_description; /**< description of context */ } DltContextData;
diff --git a/src/lib/dlt_user.c b/src/lib/dlt_user.c
index dc65cab..6ed45a6 100755
--- a/src/lib/dlt_user.c
+++ b/src/lib/dlt_user.c
@@ -569,6 +569,9 @@ int dlt_register_context_ll_ts(DltContext *handle, const char *contextid, const return -1; } + /* Reset message counter */ + handle->mcnt = 0; + /* Store context id in log level/trace status field */ /* Check if already registered, else register context */
@@ -2051,7 +2054,6 @@ int dlt_user_log_init(DltContext *handle, DltContextData *log) } log->handle = handle; - log->mcnt = 0; return 0; }
@@ -2131,7 +2133,7 @@ int dlt_user_log_send_log(DltContextData *log, int mtype) msg.standardheader->htyp = (msg.standardheader->htyp | DLT_HTYP_MSBF); #endif - msg.standardheader->mcnt = log->mcnt++; + msg.standardheader->mcnt = log->handle->mcnt++; /* Set header extra parameters */ dlt_set_id(msg.headerextra.ecu,dlt_user.ecuID); -- cgit v1.2.1 From 18cfeac78e7e28cda4b745854c079433885a56d4 Mon Sep 17 00:00:00 2001
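Review bot: Adding `uint8_t mcnt` to `DltContext` in the public header include/dlt/dlt_user.h changes the size of a struct that applications allocate themselves and pass in as `handle`. An application built against the old header and run with the new library would have `handle->mcnt = 0` in dlt_register_context_ll_ts, and the increment in dlt_user_log_send_log, write past the end of its smaller object. The change needs a library ABI version bump, which is not part of the patch as shown, and a note on the field, e.g. `/**< message counter; appended after log_level_pos, changes sizeof(DltContext) */`.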
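Review bot: `msg.standardheader->mcnt = log->handle->mcnt++;` in dlt_user_log_send_log is now a read-modify-write on state shared by every user of the context, where the old counter lived in the per-call `DltContextData`. No lock is visible in the hunk, so two threads logging on one `DltContext` can send the same counter value or lose an increment; if the function does not already hold the user lock at this point (its body is outside the hunk), take it around the increment, as the file does elsewhere with `DLT_SEM_LOCK()`. The line also dereferences `log->handle` unconditionally, so it relies on every caller having stored a non-NULL handle in dlt_user_log_init; a guard such as `if (log->handle == 0) return -1;` before it would make that explicit.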
From: Christian Muck Date: Wed, 21 Mar 2012 14:11:09 +0100 Subject: Replaced dlt-test-filetransfer-image.png with an own created image Signed-off-by: Christian Muck --- src/tests/dlt-test-filetransfer-image.png | Bin 49105 -> 18901 bytes 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 src/tests/dlt-test-filetransfer-image.png diff --git a/src/tests/dlt-test-filetransfer-image.png b/src/tests/dlt-test-filetransfer-image.png old mode 100644 new mode 100755 index b969d9d..dbc570e Binary files a/src/tests/dlt-test-filetransfer-image.png and b/src/tests/dlt-test-filetransfer-image.png differ -- cgit v1.2.1