Handle copyout for the fcntl(F_OGETLK) using oflock structure.

Otherwise, kernel overwrites a word past the destination. Submitted by: walter@pelissero.de PR: 196718 MFC after: 1 week
svn path=/head/; revision=285269
2015-07-08 13:19:13 +00:00 · 2015-07-08 13:19:13 +00:00 · 69d11def74 · 2020-12-20 02:59:44 +00:00
commit 69d11def74
parent cb02f6b942
1 changed files with 6 additions and 5 deletions
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@ -404,9 +404,10 @@ kern_fcntl_freebsd(struct thread *td, int fd, int cmd, long arg)
 	struct flock fl;
 	struct __oflock ofl;
 	intptr_t arg1;
-	int error;
+	int error, newcmd;

 	error = 0;
+	newcmd = cmd;
 	switch (cmd) {
 	case F_OGETLK:
 	case F_OSETLK:
@ -424,13 +425,13 @@ kern_fcntl_freebsd(struct thread *td, int fd, int cmd, long arg)

 		switch (cmd) {
 		case F_OGETLK:
-			cmd = F_GETLK;
+			newcmd = F_GETLK;
 			break;
 		case F_OSETLK:
-			cmd = F_SETLK;
+			newcmd = F_SETLK;
 			break;
 		case F_OSETLKW:
-			cmd = F_SETLKW;
+			newcmd = F_SETLKW;
 			break;
 		}
 		arg1 = (intptr_t)&fl;
@ -448,7 +449,7 @@ kern_fcntl_freebsd(struct thread *td, int fd, int cmd, long arg)
 	}
 	if (error)
 		return (error);
-	error = kern_fcntl(td, fd, cmd, arg1);
+	error = kern_fcntl(td, fd, newcmd, arg1);
 	if (error)
 		return (error);
 	if (cmd == F_OGETLK) {