svn commit: r328479 - in head/sys: fs/ext2fs ufs/ufs

Warner Losh imp at bsdimp.com
Sat Jan 27 16:21:59 UTC 2018 

You aren't allowed to set resid like this. Changes in resid indicate amount
of I/O done. If you think it's bogus, you need to either return EINVAL or
use a smaller value to figure out your buffer sizes. Thi s is bogus, please
back it out.

Warner

On Jan 27, 2018 8:34 AM, "Pedro F. Giffuni" <pfg at freebsd.org> wrote:

> Author: pfg
> Date: Sat Jan 27 15:33:52 2018
> New Revision: 328479
> URL: https://svnweb.freebsd.org/changeset/base/328479
>
> Log:
>   {ext2|ufs}_readdir: Set limit on valid ncookies values.
>
>   Sanitize the values that will be assigned to ncookies so that we ensure
>   they are sane and we can handle them.
>
>   Let ncookies signed as it was before r328346. The valid range is such
>   that unsigned values are not required and we are not able to avoid at
>   least one cast anyways.
>
>   Hinted by:    bde
>
> Modified:
>   head/sys/fs/ext2fs/ext2_lookup.c
>   head/sys/ufs/ufs/ufs_vnops.c
>
> Modified: head/sys/fs/ext2fs/ext2_lookup.c
> ============================================================
> ==================
> --- head/sys/fs/ext2fs/ext2_lookup.c    Sat Jan 27 13:46:55 2018
> (r328478)
> +++ head/sys/fs/ext2fs/ext2_lookup.c    Sat Jan 27 15:33:52 2018
> (r328479)
> @@ -145,14 +145,18 @@ ext2_readdir(struct vop_readdir_args *ap)
>         off_t offset, startoffset;
>         size_t readcnt, skipcnt;
>         ssize_t startresid;
> -       u_int ncookies;
> +       int ncookies;
>         int DIRBLKSIZ = VTOI(ap->a_vp)->i_e2fs->e2fs_bsize;
>         int error;
>
>         if (uio->uio_offset < 0)
>                 return (EINVAL);
>         ip = VTOI(vp);
> +       if (uio->uio_resid < 0)
> +               uio->uio_resid = 0;
>         if (ap->a_ncookies != NULL) {
> +               if (uio->uio_resid > MAXPHYS)
> +                       uio->uio_resid = MAXPHYS;
>                 ncookies = uio->uio_resid;
>                 if (uio->uio_offset >= ip->i_size)
>                         ncookies = 0;
>
> Modified: head/sys/ufs/ufs/ufs_vnops.c
> ============================================================
> ==================
> --- head/sys/ufs/ufs/ufs_vnops.c        Sat Jan 27 13:46:55 2018
> (r328478)
> +++ head/sys/ufs/ufs/ufs_vnops.c        Sat Jan 27 15:33:52 2018
> (r328479)
> @@ -2170,7 +2170,7 @@ ufs_readdir(ap)
>         off_t offset, startoffset;
>         size_t readcnt, skipcnt;
>         ssize_t startresid;
> -       u_int ncookies;
> +       int ncookies;
>         int error;
>
>         if (uio->uio_offset < 0)
> @@ -2178,7 +2178,11 @@ ufs_readdir(ap)
>         ip = VTOI(vp);
>         if (ip->i_effnlink == 0)
>                 return (0);
> +       if (uio->uio_resid < 0)
> +               uio->uio_resid = 0;
>         if (ap->a_ncookies != NULL) {
> +               if (uio->uio_resid > MAXPHYS)
> +                       uio->uio_resid = MAXPHYS;
>                 ncookies = uio->uio_resid;
>                 if (uio->uio_offset >= ip->i_size)
>                         ncookies = 0;
>
>

More information about the svn-src-head mailing list