svn commit: r328479 - in head/sys: fs/ext2fs ufs/ufs
Warner Losh
imp at bsdimp.com
Sat Jan 27 16:21:59 UTC 2018
You aren't allowed to set resid like this. Changes in resid indicate amount
of I/O done. If you think it's bogus, you need to either return EINVAL or
use a smaller value to figure out your buffer sizes. Thi s is bogus, please
back it out.
Warner
On Jan 27, 2018 8:34 AM, "Pedro F. Giffuni" <pfg at freebsd.org> wrote:
> Author: pfg
> Date: Sat Jan 27 15:33:52 2018
> New Revision: 328479
> URL: https://svnweb.freebsd.org/changeset/base/328479
>
> Log:
> {ext2|ufs}_readdir: Set limit on valid ncookies values.
>
> Sanitize the values that will be assigned to ncookies so that we ensure
> they are sane and we can handle them.
>
> Let ncookies signed as it was before r328346. The valid range is such
> that unsigned values are not required and we are not able to avoid at
> least one cast anyways.
>
> Hinted by: bde
>
> Modified:
> head/sys/fs/ext2fs/ext2_lookup.c
> head/sys/ufs/ufs/ufs_vnops.c
>
> Modified: head/sys/fs/ext2fs/ext2_lookup.c
> ============================================================
> ==================
> --- head/sys/fs/ext2fs/ext2_lookup.c Sat Jan 27 13:46:55 2018
> (r328478)
> +++ head/sys/fs/ext2fs/ext2_lookup.c Sat Jan 27 15:33:52 2018
> (r328479)
> @@ -145,14 +145,18 @@ ext2_readdir(struct vop_readdir_args *ap)
> off_t offset, startoffset;
> size_t readcnt, skipcnt;
> ssize_t startresid;
> - u_int ncookies;
> + int ncookies;
> int DIRBLKSIZ = VTOI(ap->a_vp)->i_e2fs->e2fs_bsize;
> int error;
>
> if (uio->uio_offset < 0)
> return (EINVAL);
> ip = VTOI(vp);
> + if (uio->uio_resid < 0)
> + uio->uio_resid = 0;
> if (ap->a_ncookies != NULL) {
> + if (uio->uio_resid > MAXPHYS)
> + uio->uio_resid = MAXPHYS;
> ncookies = uio->uio_resid;
> if (uio->uio_offset >= ip->i_size)
> ncookies = 0;
>
> Modified: head/sys/ufs/ufs/ufs_vnops.c
> ============================================================
> ==================
> --- head/sys/ufs/ufs/ufs_vnops.c Sat Jan 27 13:46:55 2018
> (r328478)
> +++ head/sys/ufs/ufs/ufs_vnops.c Sat Jan 27 15:33:52 2018
> (r328479)
> @@ -2170,7 +2170,7 @@ ufs_readdir(ap)
> off_t offset, startoffset;
> size_t readcnt, skipcnt;
> ssize_t startresid;
> - u_int ncookies;
> + int ncookies;
> int error;
>
> if (uio->uio_offset < 0)
> @@ -2178,7 +2178,11 @@ ufs_readdir(ap)
> ip = VTOI(vp);
> if (ip->i_effnlink == 0)
> return (0);
> + if (uio->uio_resid < 0)
> + uio->uio_resid = 0;
> if (ap->a_ncookies != NULL) {
> + if (uio->uio_resid > MAXPHYS)
> + uio->uio_resid = MAXPHYS;
> ncookies = uio->uio_resid;
> if (uio->uio_offset >= ip->i_size)
> ncookies = 0;
>
>
More information about the svn-src-head
mailing list