The freebsd4_getfsstat() was broken in r281551 to always return 0 on success.

All versions of getfsstat(3) are supposed to return the number of [o]statfs
structs in the array that was copied out.

Also fix missing bounds checking and signed comparison of unsigned types.

Submitted by:	bde@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
trasz 2015-11-20 14:08:12 +00:00
parent bbdebe789d
commit a6632d64f5

View File

@ -435,6 +435,8 @@ sys_getfsstat(td, uap)
size_t count; size_t count;
int error; int error;
if (uap->bufsize < 0 || uap->bufsize > SIZE_MAX)
return (EINVAL);
error = kern_getfsstat(td, &uap->buf, uap->bufsize, &count, error = kern_getfsstat(td, &uap->buf, uap->bufsize, &count,
UIO_USERSPACE, uap->flags); UIO_USERSPACE, uap->flags);
if (error == 0) if (error == 0)
@ -625,13 +627,18 @@ freebsd4_getfsstat(td, uap)
size_t count, size; size_t count, size;
int error; int error;
if (uap->bufsize < 0)
return (EINVAL);
count = uap->bufsize / sizeof(struct ostatfs); count = uap->bufsize / sizeof(struct ostatfs);
if (count > SIZE_MAX / sizeof(struct statfs))
return (EINVAL);
size = count * sizeof(struct statfs); size = count * sizeof(struct statfs);
error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE, error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
uap->flags); uap->flags);
if (size > 0) { td->td_retval[0] = count;
if (size != 0) {
sp = buf; sp = buf;
while (count > 0 && error == 0) { while (count != 0 && error == 0) {
cvtstatfs(sp, &osb); cvtstatfs(sp, &osb);
error = copyout(&osb, uap->buf, sizeof(osb)); error = copyout(&osb, uap->buf, sizeof(osb));
sp++; sp++;
@ -640,8 +647,6 @@ freebsd4_getfsstat(td, uap)
} }
free(buf, M_TEMP); free(buf, M_TEMP);
} }
if (error == 0)
td->td_retval[0] = count;
return (error); return (error);
} }