svn commit: r328479 - in head/sys: fs/ext2fs ufs/ufs

Pedro F. Giffuni pfg at FreeBSD.org
Sat Jan 27 15:33:53 UTC 2018


Author: pfg
Date: Sat Jan 27 15:33:52 2018
New Revision: 328479
URL: https://svnweb.freebsd.org/changeset/base/328479

Log:
  {ext2|ufs}_readdir: Set limit on valid ncookies values.
  
  Sanitize the values that will be assigned to ncookies so that we ensure
  they are sane and we can handle them.
  
  Let ncookies signed as it was before r328346. The valid range is such
  that unsigned values are not required and we are not able to avoid at
  least one cast anyways.
  
  Hinted by:	bde

Modified:
  head/sys/fs/ext2fs/ext2_lookup.c
  head/sys/ufs/ufs/ufs_vnops.c

Modified: head/sys/fs/ext2fs/ext2_lookup.c
==============================================================================
--- head/sys/fs/ext2fs/ext2_lookup.c	Sat Jan 27 13:46:55 2018	(r328478)
+++ head/sys/fs/ext2fs/ext2_lookup.c	Sat Jan 27 15:33:52 2018	(r328479)
@@ -145,14 +145,18 @@ ext2_readdir(struct vop_readdir_args *ap)
 	off_t offset, startoffset;
 	size_t readcnt, skipcnt;
 	ssize_t startresid;
-	u_int ncookies;
+	int ncookies;
 	int DIRBLKSIZ = VTOI(ap->a_vp)->i_e2fs->e2fs_bsize;
 	int error;
 
 	if (uio->uio_offset < 0)
 		return (EINVAL);
 	ip = VTOI(vp);
+	if (uio->uio_resid < 0)
+		uio->uio_resid = 0;
 	if (ap->a_ncookies != NULL) {
+		if (uio->uio_resid > MAXPHYS)
+			uio->uio_resid = MAXPHYS;
 		ncookies = uio->uio_resid;
 		if (uio->uio_offset >= ip->i_size)
 			ncookies = 0;

Modified: head/sys/ufs/ufs/ufs_vnops.c
==============================================================================
--- head/sys/ufs/ufs/ufs_vnops.c	Sat Jan 27 13:46:55 2018	(r328478)
+++ head/sys/ufs/ufs/ufs_vnops.c	Sat Jan 27 15:33:52 2018	(r328479)
@@ -2170,7 +2170,7 @@ ufs_readdir(ap)
 	off_t offset, startoffset;
 	size_t readcnt, skipcnt;
 	ssize_t startresid;
-	u_int ncookies;
+	int ncookies;
 	int error;
 
 	if (uio->uio_offset < 0)
@@ -2178,7 +2178,11 @@ ufs_readdir(ap)
 	ip = VTOI(vp);
 	if (ip->i_effnlink == 0)
 		return (0);
+	if (uio->uio_resid < 0)
+		uio->uio_resid = 0;
 	if (ap->a_ncookies != NULL) {
+		if (uio->uio_resid > MAXPHYS)
+			uio->uio_resid = MAXPHYS;
 		ncookies = uio->uio_resid;
 		if (uio->uio_offset >= ip->i_size)
 			ncookies = 0;


More information about the svn-src-all mailing list