Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src An (un)privileged user can easily make the kernel dereferenc...
details: https://anonhg.NetBSD.org/src/rev/8853181ff8b2
branches: trunk
changeset: 328748:8853181ff8b2
user: maxv <maxv%NetBSD.org@localhost>
date: Wed Apr 16 18:55:17 2014 +0000
description:
An (un)privileged user can easily make the kernel dereference a NULL
pointer.
The kernel allows 'data' to be NULL; it's the fs's responsibility to
ensure that it isn't NULL (if the fs actually needs data).
ok christos@
diffstat:
external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c | 3 +++
sys/coda/coda_vfsops.c | 6 ++++--
sys/fs/adosfs/advfsops.c | 6 ++++--
sys/fs/cd9660/cd9660_vfsops.c | 6 ++++--
sys/fs/efs/efs_vfsops.c | 6 ++++--
sys/fs/filecorefs/filecore_vfsops.c | 6 ++++--
sys/fs/hfs/hfs_vfsops.c | 6 ++++--
sys/fs/msdosfs/msdosfs_vfsops.c | 6 ++++--
sys/fs/nilfs/nilfs_vfsops.c | 6 ++++--
sys/fs/ntfs/ntfs_vfsops.c | 6 ++++--
sys/fs/ptyfs/ptyfs_vfsops.c | 6 ++++--
sys/fs/puffs/puffs_vfsops.c | 12 ++++--------
sys/fs/smbfs/smbfs_vfsops.c | 6 ++++--
sys/fs/sysvbfs/sysvbfs_vfsops.c | 6 ++++--
sys/fs/tmpfs/tmpfs_vfsops.c | 7 +++++--
sys/fs/udf/udf_vfsops.c | 6 ++++--
sys/fs/union/union_vfsops.c | 6 ++++--
sys/fs/unionfs/unionfs_vfsops.c | 2 ++
sys/fs/v7fs/v7fs_vfsops.c | 6 ++++--
sys/kern/vfs_syscalls.c | 8 ++++++--
sys/miscfs/nullfs/null_vfsops.c | 6 ++++--
sys/miscfs/overlay/overlay_vfsops.c | 6 ++++--
sys/miscfs/procfs/procfs_vfsops.c | 7 +++++--
sys/miscfs/umapfs/umap_vfsops.c | 6 ++++--
sys/nfs/nfs_vfsops.c | 6 ++++--
sys/ufs/chfs/chfs_vfsops.c | 4 +++-
sys/ufs/ext2fs/ext2fs_vfsops.c | 6 ++++--
sys/ufs/ffs/ffs_vfsops.c | 6 ++++--
sys/ufs/lfs/lfs_vfsops.c | 6 ++++--
sys/ufs/mfs/mfs_vfsops.c | 6 ++++--
30 files changed, 120 insertions(+), 61 deletions(-)
diffs (truncated from 789 to 300 lines):
diff -r bd6580340dfe -r 8853181ff8b2 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c
--- a/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1596,6 +1596,9 @@
if (mvp->v_type != VDIR)
return (ENOTDIR);
+ if (uap == NULL)
+ return (EINVAL);
+
mutex_enter(mvp->v_interlock);
if ((uap->flags & MS_REMOUNT) == 0 &&
(uap->flags & MS_OVERLAY) == 0 &&
diff -r bd6580340dfe -r 8853181ff8b2 sys/coda/coda_vfsops.c
--- a/sys/coda/coda_vfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/sys/coda/coda_vfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: coda_vfsops.c,v 1.80 2014/03/23 15:21:15 hannken Exp $ */
+/* $NetBSD: coda_vfsops.c,v 1.81 2014/04/16 18:55:17 maxv Exp $ */
/*
*
@@ -45,7 +45,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: coda_vfsops.c,v 1.80 2014/03/23 15:21:15 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: coda_vfsops.c,v 1.81 2014/04/16 18:55:17 maxv Exp $");
#ifndef _KERNEL_OPT
#define NVCODA 4
@@ -178,6 +178,8 @@
CodaFid ctlfid = CTL_FID;
int error;
+ if (data == NULL)
+ return EINVAL;
if (vfsp->mnt_flag & MNT_GETARGS)
return EINVAL;
ENTRY;
diff -r bd6580340dfe -r 8853181ff8b2 sys/fs/adosfs/advfsops.c
--- a/sys/fs/adosfs/advfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/sys/fs/adosfs/advfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: advfsops.c,v 1.69 2014/03/23 15:21:15 hannken Exp $ */
+/* $NetBSD: advfsops.c,v 1.70 2014/04/16 18:55:18 maxv Exp $ */
/*
* Copyright (c) 1994 Christian E. Hopps
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: advfsops.c,v 1.69 2014/03/23 15:21:15 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: advfsops.c,v 1.70 2014/04/16 18:55:18 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -92,6 +92,8 @@
int error;
mode_t accessmode;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r bd6580340dfe -r 8853181ff8b2 sys/fs/cd9660/cd9660_vfsops.c
--- a/sys/fs/cd9660/cd9660_vfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/sys/fs/cd9660/cd9660_vfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cd9660_vfsops.c,v 1.83 2014/03/24 04:03:25 dholland Exp $ */
+/* $NetBSD: cd9660_vfsops.c,v 1.84 2014/04/16 18:55:18 maxv Exp $ */
/*-
* Copyright (c) 1994
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cd9660_vfsops.c,v 1.83 2014/03/24 04:03:25 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cd9660_vfsops.c,v 1.84 2014/04/16 18:55:18 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -216,6 +216,8 @@
int error;
struct iso_mnt *imp = VFSTOISOFS(mp);
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r bd6580340dfe -r 8853181ff8b2 sys/fs/efs/efs_vfsops.c
--- a/sys/fs/efs/efs_vfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/sys/fs/efs/efs_vfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: efs_vfsops.c,v 1.24 2012/12/20 08:03:42 hannken Exp $ */
+/* $NetBSD: efs_vfsops.c,v 1.25 2014/04/16 18:55:18 maxv Exp $ */
/*
* Copyright (c) 2006 Stephen M. Rumble <rumble%ephemeral.org@localhost>
@@ -17,7 +17,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: efs_vfsops.c,v 1.24 2012/12/20 08:03:42 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: efs_vfsops.c,v 1.25 2014/04/16 18:55:18 maxv Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -180,6 +180,8 @@
struct vnode *devvp;
int err, mode;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r bd6580340dfe -r 8853181ff8b2 sys/fs/filecorefs/filecore_vfsops.c
--- a/sys/fs/filecorefs/filecore_vfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/sys/fs/filecorefs/filecore_vfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: filecore_vfsops.c,v 1.75 2014/03/23 15:21:15 hannken Exp $ */
+/* $NetBSD: filecore_vfsops.c,v 1.76 2014/04/16 18:55:18 maxv Exp $ */
/*-
* Copyright (c) 1994 The Regents of the University of California.
@@ -66,7 +66,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: filecore_vfsops.c,v 1.75 2014/03/23 15:21:15 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: filecore_vfsops.c,v 1.76 2014/04/16 18:55:18 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -229,6 +229,8 @@
int error;
struct filecore_mnt *fcmp = NULL;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r bd6580340dfe -r 8853181ff8b2 sys/fs/hfs/hfs_vfsops.c
--- a/sys/fs/hfs/hfs_vfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/sys/fs/hfs/hfs_vfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: hfs_vfsops.c,v 1.30 2014/03/23 15:21:15 hannken Exp $ */
+/* $NetBSD: hfs_vfsops.c,v 1.31 2014/04/16 18:55:18 maxv Exp $ */
/*-
* Copyright (c) 2005, 2007 The NetBSD Foundation, Inc.
@@ -99,7 +99,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hfs_vfsops.c,v 1.30 2014/03/23 15:21:15 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hfs_vfsops.c,v 1.31 2014/04/16 18:55:18 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_compat_netbsd.h"
@@ -201,6 +201,8 @@
int update;
mode_t accessmode;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r bd6580340dfe -r 8853181ff8b2 sys/fs/msdosfs/msdosfs_vfsops.c
--- a/sys/fs/msdosfs/msdosfs_vfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/sys/fs/msdosfs/msdosfs_vfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: msdosfs_vfsops.c,v 1.106 2014/03/23 15:21:15 hannken Exp $ */
+/* $NetBSD: msdosfs_vfsops.c,v 1.107 2014/04/16 18:55:18 maxv Exp $ */
/*-
* Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank.
@@ -48,7 +48,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.106 2014/03/23 15:21:15 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.107 2014/04/16 18:55:18 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -284,6 +284,8 @@
int error, flags;
mode_t accessmode;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r bd6580340dfe -r 8853181ff8b2 sys/fs/nilfs/nilfs_vfsops.c
--- a/sys/fs/nilfs/nilfs_vfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/sys/fs/nilfs/nilfs_vfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: nilfs_vfsops.c,v 1.15 2014/03/23 15:21:15 hannken Exp $ */
+/* $NetBSD: nilfs_vfsops.c,v 1.16 2014/04/16 18:55:18 maxv Exp $ */
/*
* Copyright (c) 2008, 2009 Reinoud Zandijk
@@ -28,7 +28,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__KERNEL_RCSID(0, "$NetBSD: nilfs_vfsops.c,v 1.15 2014/03/23 15:21:15 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nilfs_vfsops.c,v 1.16 2014/04/16 18:55:18 maxv Exp $");
#endif /* not lint */
@@ -800,6 +800,8 @@
DPRINTF(VFSCALL, ("nilfs_mount called\n"));
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r bd6580340dfe -r 8853181ff8b2 sys/fs/ntfs/ntfs_vfsops.c
--- a/sys/fs/ntfs/ntfs_vfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/sys/fs/ntfs/ntfs_vfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ntfs_vfsops.c,v 1.93 2014/03/23 15:21:15 hannken Exp $ */
+/* $NetBSD: ntfs_vfsops.c,v 1.94 2014/04/16 18:55:18 maxv Exp $ */
/*-
* Copyright (c) 1998, 1999 Semen Ustimenko
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ntfs_vfsops.c,v 1.93 2014/03/23 15:21:15 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ntfs_vfsops.c,v 1.94 2014/04/16 18:55:18 maxv Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -172,6 +172,8 @@
struct vnode *devvp;
struct ntfs_args *args = data;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r bd6580340dfe -r 8853181ff8b2 sys/fs/ptyfs/ptyfs_vfsops.c
--- a/sys/fs/ptyfs/ptyfs_vfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/sys/fs/ptyfs/ptyfs_vfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ptyfs_vfsops.c,v 1.49 2014/04/04 18:10:29 christos Exp $ */
+/* $NetBSD: ptyfs_vfsops.c,v 1.50 2014/04/16 18:55:18 maxv Exp $ */
/*
* Copyright (c) 1992, 1993, 1995
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ptyfs_vfsops.c,v 1.49 2014/04/04 18:10:29 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ptyfs_vfsops.c,v 1.50 2014/04/16 18:55:18 maxv Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -259,6 +259,8 @@
struct ptyfsmount *pmnt;
struct ptyfs_args *args = data;
+ if (args == NULL)
+ return EINVAL;
if (*data_len != sizeof *args && *data_len != OSIZE)
return EINVAL;
diff -r bd6580340dfe -r 8853181ff8b2 sys/fs/puffs/puffs_vfsops.c
--- a/sys/fs/puffs/puffs_vfsops.c Wed Apr 16 14:33:43 2014 +0000
+++ b/sys/fs/puffs/puffs_vfsops.c Wed Apr 16 18:55:17 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: puffs_vfsops.c,v 1.109 2014/03/23 15:21:15 hannken Exp $ */
+/* $NetBSD: puffs_vfsops.c,v 1.110 2014/04/16 18:55:18 maxv Exp $ */
/*
* Copyright (c) 2005, 2006 Antti Kantee. All Rights Reserved.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: puffs_vfsops.c,v 1.109 2014/03/23 15:21:15 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: puffs_vfsops.c,v 1.110 2014/04/16 18:55:18 maxv Exp $");
#include <sys/param.h>
Home |
Main Index |
Thread Index |
Old Index