Avoid a 64-bit division in procfs_readdir(). Fixed related overflows.

Check args using the same expression as in fdesc and kernfs.  The check
was actually already correct, modulo overflow.  It could be tightened
up to either allow huge (aligned) offsets, treating them as EOF, or
disallow all offsets beyond EOF.

Didn't fix invalid address calculation &foo[i] where i may be out of
bounds.

Didn't fix shooting of foot using a private unportable dirent struct.
This commit is contained in:
bde 1998-06-14 12:53:39 +00:00
parent 6ee3b26044
commit a336cb95ff
2 changed files with 12 additions and 20 deletions


@ -36,7 +36,7 @@
*
* @(#)procfs_vnops.c 8.18 (Berkeley) 5/21/95
*
* $Id: procfs_vnops.c,v 1.57 1998/05/19 00:00:14 tegge Exp $
* $Id: procfs_vnops.c,v 1.58 1998/06/10 06:34:57 peter Exp $
*/
/*
@ -807,9 +807,7 @@ procfs_readdir(ap)
struct pfsdent d;
struct pfsdent *dp = &d;
struct pfsnode *pfs;
int error;
int count;
int i;
int count, error, i, off;
/*
* We don't allow exporting procfs mounts, and currently local
@ -820,16 +818,14 @@ procfs_readdir(ap)
pfs = VTOPFS(ap->a_vp);
if (uio->uio_resid < UIO_MX)
return (EINVAL);
if (uio->uio_offset & (UIO_MX-1))
return (EINVAL);
if (uio->uio_offset < 0)
off = (int)uio->uio_offset;
if (off != uio->uio_offset || off < 0 || (u_int)off % UIO_MX != 0 ||
uio->uio_resid < UIO_MX)
return (EINVAL);
error = 0;
count = 0;
i = uio->uio_offset / UIO_MX;
i = (u_int)off / UIO_MX;
switch (pfs->pfs_type) {
/*
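Review bot: The new `off = (int)uio->uio_offset;` narrows a possibly out-of-range 64-bit value before the range check on the next line, and in C that conversion is implementation-defined rather than guaranteed to truncate, so the `off != uio->uio_offset` test only catches oversized offsets because the compiler happens to wrap. Checking the wide value first makes the intent explicit and removes the dependence on that behavior: `if (uio->uio_offset < 0 || uio->uio_offset > INT_MAX) return (EINVAL);` followed by `off = (int)uio->uio_offset;` (INT_MAX or whichever limit header the kernel provides here). The combined condition would also benefit from a comment such as `/* Offset must fit in an int, be non-negative and UIO_MX-aligned; need room for one entry. */`, since the truncation test is not obvious to a reader. The same hunk appears again in the second file section below, and procfs_readdir's body, including the later use of i as an index, continues outside the hunk.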


@ -36,7 +36,7 @@
*
* @(#)procfs_vnops.c 8.18 (Berkeley) 5/21/95
*
* $Id: procfs_vnops.c,v 1.57 1998/05/19 00:00:14 tegge Exp $
* $Id: procfs_vnops.c,v 1.58 1998/06/10 06:34:57 peter Exp $
*/
/*
@ -807,9 +807,7 @@ procfs_readdir(ap)
struct pfsdent d;
struct pfsdent *dp = &d;
struct pfsnode *pfs;
int error;
int count;
int i;
int count, error, i, off;
/*
* We don't allow exporting procfs mounts, and currently local
@ -820,16 +818,14 @@ procfs_readdir(ap)
pfs = VTOPFS(ap->a_vp);
if (uio->uio_resid < UIO_MX)
return (EINVAL);
if (uio->uio_offset & (UIO_MX-1))
return (EINVAL);
if (uio->uio_offset < 0)
off = (int)uio->uio_offset;
if (off != uio->uio_offset || off < 0 || (u_int)off % UIO_MX != 0 ||
uio->uio_resid < UIO_MX)
return (EINVAL);
error = 0;
count = 0;
i = uio->uio_offset / UIO_MX;
i = (u_int)off / UIO_MX;
switch (pfs->pfs_type) {
/*