When checking if a file descriptor number is valid, explicitly check for 'fd'
being less than 0 instead of using the cast-to-unsigned hack. Today's commit was brought to you by the letters 'B', 'D' and 'E' :)
parent
eb55578582
commit
620216725a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=237036
@ -243,7 +243,7 @@ fd_last_used(struct filedesc *fdp, int size)
|
|||||||
static int
|
static int
|
||||||
fdisused(struct filedesc *fdp, int fd)
|
fdisused(struct filedesc *fdp, int fd)
|
||||||
{
|
{
|
||||||
KASSERT((unsigned int)fd < fdp->fd_nfiles,
|
KASSERT(fd >= 0 && fd < fdp->fd_nfiles,
|
||||||
("file descriptor %d out of range (0, %d)", fd, fdp->fd_nfiles));
|
("file descriptor %d out of range (0, %d)", fd, fdp->fd_nfiles));
|
||||||
return ((fdp->fd_map[NDSLOT(fd)] & NDBIT(fd)) != 0);
|
return ((fdp->fd_map[NDSLOT(fd)] & NDBIT(fd)) != 0);
|
||||||
}
|
}
|
||||||
@ -433,7 +433,7 @@ fdtofp(int fd, struct filedesc *fdp)
|
|||||||
|
|
||||||
FILEDESC_LOCK_ASSERT(fdp);
|
FILEDESC_LOCK_ASSERT(fdp);
|
||||||
|
|
||||||
if ((unsigned)fd >= fdp->fd_nfiles)
|
if (fd < 0 || fd >= fdp->fd_nfiles)
|
||||||
return (NULL);
|
return (NULL);
|
||||||
|
|
||||||
return (fdp->fd_ofiles[fd]);
|
return (fdp->fd_ofiles[fd]);
|
||||||
@ -677,7 +677,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg)
|
|||||||
vfslocked = 0;
|
vfslocked = 0;
|
||||||
/* Check for race with close */
|
/* Check for race with close */
|
||||||
FILEDESC_SLOCK(fdp);
|
FILEDESC_SLOCK(fdp);
|
||||||
if ((unsigned) fd >= fdp->fd_nfiles ||
|
if (fd < 0 || fd >= fdp->fd_nfiles ||
|
||||||
fp != fdp->fd_ofiles[fd]) {
|
fp != fdp->fd_ofiles[fd]) {
|
||||||
FILEDESC_SUNLOCK(fdp);
|
FILEDESC_SUNLOCK(fdp);
|
||||||
flp->l_whence = SEEK_SET;
|
flp->l_whence = SEEK_SET;
|
||||||
@ -1197,7 +1197,7 @@ kern_close(td, fd)
|
|||||||
AUDIT_SYSCLOSE(td, fd);
|
AUDIT_SYSCLOSE(td, fd);
|
||||||
|
|
||||||
FILEDESC_XLOCK(fdp);
|
FILEDESC_XLOCK(fdp);
|
||||||
if ((unsigned)fd >= fdp->fd_nfiles ||
|
if (fd < 0 || fd >= fdp->fd_nfiles ||
|
||||||
(fp = fdp->fd_ofiles[fd]) == NULL) {
|
(fp = fdp->fd_ofiles[fd]) == NULL) {
|
||||||
FILEDESC_XUNLOCK(fdp);
|
FILEDESC_XUNLOCK(fdp);
|
||||||
return (EBADF);
|
return (EBADF);
|
||||||
@ -1500,7 +1500,7 @@ fdalloc(struct thread *td, int minfd, int *result)
|
|||||||
* Perform some sanity checks, then mark the file descriptor as
|
* Perform some sanity checks, then mark the file descriptor as
|
||||||
* used and return it to the caller.
|
* used and return it to the caller.
|
||||||
*/
|
*/
|
||||||
KASSERT((unsigned int)fd < min(maxfd, fdp->fd_nfiles),
|
KASSERT(fd >= 0 && fd < min(maxfd, fdp->fd_nfiles),
|
||||||
("invalid descriptor %d", fd));
|
("invalid descriptor %d", fd));
|
||||||
KASSERT(!fdisused(fdp, fd),
|
KASSERT(!fdisused(fdp, fd),
|
||||||
("fd_first_free() returned non-free descriptor"));
|
("fd_first_free() returned non-free descriptor"));
|
||||||
@ -2213,7 +2213,7 @@ fget_unlocked(struct filedesc *fdp, int fd)
|
|||||||
struct file *fp;
|
struct file *fp;
|
||||||
u_int count;
|
u_int count;
|
||||||
|
|
||||||
if ((unsigned int)fd >= fdp->fd_nfiles)
|
if (fd < 0 || fd >= fdp->fd_nfiles)
|
||||||
return (NULL);
|
return (NULL);
|
||||||
/*
|
/*
|
||||||
* Fetch the descriptor locklessly. We avoid fdrop() races by
|
* Fetch the descriptor locklessly. We avoid fdrop() races by
|
||||||
@ -2602,7 +2602,7 @@ dupfdopen(struct thread *td, struct filedesc *fdp, int dfd, int mode, int opener
|
|||||||
* closed, then reject.
|
* closed, then reject.
|
||||||
*/
|
*/
|
||||||
FILEDESC_XLOCK(fdp);
|
FILEDESC_XLOCK(fdp);
|
||||||
if ((unsigned int)dfd >= fdp->fd_nfiles ||
|
if (dfd < 0 || dfd >= fdp->fd_nfiles ||
|
||||||
(fp = fdp->fd_ofiles[dfd]) == NULL) {
|
(fp = fdp->fd_ofiles[dfd]) == NULL) {
|
||||||
FILEDESC_XUNLOCK(fdp);
|
FILEDESC_XUNLOCK(fdp);
|
||||||
return (EBADF);
|
return (EBADF);
|
||||||
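Review bot: In the fdalloc hunk the new assertion `fd < min(maxfd, fdp->fd_nfiles)` may still be evaluated as an unsigned comparison: if `min()` here is the kernel's `u_int` helper, `fd` is converted to unsigned on that line, so the cast this commit removes has only moved into the helper. The added `fd >= 0` clause keeps the result correct, but `imin()` would keep the whole expression signed and consistent with the other hunks, e.g. `KASSERT(fd >= 0 && fd < imin(maxfd, fdp->fd_nfiles),`. The declarations of `maxfd` and `fd_nfiles` are outside the hunks, so their types should be confirmed first. Separately, the fdisused message `out of range (0, %d)` reads as an open interval although 0 is accepted; `[0, %d)` would match the check.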
|
@ -1872,7 +1872,7 @@ unp_internalize(struct mbuf **controlp, struct thread *td)
|
|||||||
FILEDESC_SLOCK(fdescp);
|
FILEDESC_SLOCK(fdescp);
|
||||||
for (i = 0; i < oldfds; i++) {
|
for (i = 0; i < oldfds; i++) {
|
||||||
fd = *fdp++;
|
fd = *fdp++;
|
||||||
if ((unsigned)fd >= fdescp->fd_nfiles ||
|
if (fd < 0 || fd >= fdescp->fd_nfiles ||
|
||||||
fdescp->fd_ofiles[fd] == NULL) {
|
fdescp->fd_ofiles[fd] == NULL) {
|
||||||
FILEDESC_SUNLOCK(fdescp);
|
FILEDESC_SUNLOCK(fdescp);
|
||||||
error = EBADF;
|
error = EBADF;
|
||||||
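Review bot: The descriptor tested in this hunk is read from `*fdp++`, which in unp_internalize presumably points into the sender-supplied control message, and nothing in the loop records that the value is untrusted. A comment above the test would state why the order of the clauses matters, e.g. `/* fd is caller-supplied: reject negative or out-of-range values before indexing fd_ofiles[]. */`. The same three-clause test is open-coded in nsmb_getfp in the next file section and in kern_close and dupfdopen earlier on the page, so the comment applies there as well. The loop body continues outside the hunk.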
|
@ -375,7 +375,7 @@ nsmb_getfp(struct filedesc* fdp, int fd, int flag)
|
|||||||
struct file* fp;
|
struct file* fp;
|
||||||
|
|
||||||
FILEDESC_SLOCK(fdp);
|
FILEDESC_SLOCK(fdp);
|
||||||
if (((u_int)fd) >= fdp->fd_nfiles ||
|
if (fd < 0 || fd >= fdp->fd_nfiles ||
|
||||||
(fp = fdp->fd_ofiles[fd]) == NULL ||
|
(fp = fdp->fd_ofiles[fd]) == NULL ||
|
||||||
(fp->f_flag & flag) == 0) {
|
(fp->f_flag & flag) == 0) {
|
||||||
FILEDESC_SUNLOCK(fdp);
|
FILEDESC_SUNLOCK(fdp);
|
||||||
|