From f4821f92614bafaaee01721b3a5ffc29fe2f5365 Mon Sep 17 00:00:00 2001 From: Tobias Klauser Date: Wed, 30 Apr 2014 13:32:08 +0200 Subject: ring: Consistently use size_t to specify ring size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The mm_len member of struct ring is of type size_t, but in the code paths leading to set it, unsigned int is used. In circumstances where unsigned int is 32 bit and size_t is 64 bit, this could lead to an integer overflow, which causes an improper ring size being mmap()'ed in mmap_ring_generic(). In order to prevent this, consistently use size_t to store the ring size, since this is also what mmap() takes as its `length' parameter. This now allows to specify ring sizes larger than 4 GiB for both netsniff-ng and trafgen (fixes #90). Reported-by: Jon Schipp Reported-by: Michał Purzyński Signed-off-by: Tobias Klauser --- ring_rx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ring_rx.c') diff --git a/ring_rx.c b/ring_rx.c index 59cafd3..c42c353 100644 --- a/ring_rx.c +++ b/ring_rx.c @@ -40,7 +40,7 @@ void destroy_rx_ring(int sock, struct ring *ring) panic("Cannot destroy the RX_RING: %s!\n", strerror(errno)); } -void setup_rx_ring_layout(int sock, struct ring *ring, unsigned int size, +void setup_rx_ring_layout(int sock, struct ring *ring, size_t size, bool jumbo_support, bool v3) { fmemset(&ring->layout, 0, sizeof(ring->layout)); @@ -95,7 +95,7 @@ retry: if (ret < 0) panic("Cannot allocate RX_RING!\n"); - ring->mm_len = ring->layout.tp_block_size * ring->layout.tp_block_nr; + ring->mm_len = (size_t) ring->layout.tp_block_size * ring->layout.tp_block_nr; if (verbose) { if (!v3) { -- cgit v1.2.3-54-g00ecf