{ext2|ufs}_readdir: Set limit on valid ncookies values.

Sanitize the values that will be assigned to ncookies so that we ensure
they are sane and we can handle them.

Leave ncookies signed, as it was before r328346. The valid range is such
that unsigned values are not required, and we cannot avoid at least one
cast anyway.

Hinted by:	bde
Pedro F. Giffuni 2018-01-27 15:33:52 +00:00
parent cf6339882e
commit ee233ab975
2 changed files with 10 additions and 2 deletions


@ -145,14 +145,18 @@ ext2_readdir(struct vop_readdir_args *ap)
off_t offset, startoffset;
size_t readcnt, skipcnt;
ssize_t startresid;
u_int ncookies;
int ncookies;
int DIRBLKSIZ = VTOI(ap->a_vp)->i_e2fs->e2fs_bsize;
int error;
if (uio->uio_offset < 0)
return (EINVAL);
ip = VTOI(vp);
if (uio->uio_resid < 0)
uio->uio_resid = 0;
if (ap->a_ncookies != NULL) {
if (uio->uio_resid > MAXPHYS)
uio->uio_resid = MAXPHYS;
ncookies = uio->uio_resid;
if (uio->uio_offset >= ip->i_size)
ncookies = 0;
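Review bot: The new bounds are applied by writing to `uio->uio_resid` itself, and the `MAXPHYS` clamp sits inside the `ap->a_ncookies != NULL` branch, so the caller's residual is altered and the amount one request can read depends on whether cookies were asked for. If callers derive the transferred byte count from the residual before and after the call (not visible here), a clamped request would be misreported; a negative residual is also silently zeroed, while the negative offset just above returns `EINVAL`. Consider rejecting the negative case with `if (uio->uio_resid < 0) return (EINVAL);` and bounding only the value that `ncookies` is derived from, provided the cookie-filling code outside this hunk also stops at that count. The identical lines added in the `ufs_readdir` hunk have the same issue. Both function bodies start and continue outside the hunks shown.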


@ -2170,7 +2170,7 @@ ufs_readdir(ap)
off_t offset, startoffset;
size_t readcnt, skipcnt;
ssize_t startresid;
u_int ncookies;
int ncookies;
int error;
if (uio->uio_offset < 0)
@ -2178,7 +2178,11 @@ ufs_readdir(ap)
ip = VTOI(vp);
if (ip->i_effnlink == 0)
return (0);
if (uio->uio_resid < 0)
uio->uio_resid = 0;
if (ap->a_ncookies != NULL) {
if (uio->uio_resid > MAXPHYS)
uio->uio_resid = MAXPHYS;
ncookies = uio->uio_resid;
if (uio->uio_offset >= ip->i_size)
ncookies = 0;