Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/compat If SCARG(uap, what) = 0, copyin() will copy (size...



details:   https://anonhg.NetBSD.org/src/rev/289c54e1f0bb
branches:  trunk
changeset: 330079:289c54e1f0bb
user:      maxv <maxv%NetBSD.org@localhost>
date:      Sat Jun 21 10:23:07 2014 +0000

description:
If SCARG(uap, what) = 0, copyin() will copy (size_t)-1 bytes, and it's not
a good idea; but not proven harmful.

With the help of njoly@

diffstat:

 sys/compat/linux/common/linux_socketcall.c     |  6 +++---
 sys/compat/linux32/common/linux32_socketcall.c |  6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (54 lines):

diff -r 9955dd930b80 -r 289c54e1f0bb sys/compat/linux/common/linux_socketcall.c
--- a/sys/compat/linux/common/linux_socketcall.c        Sat Jun 21 09:11:04 2014 +0000
+++ b/sys/compat/linux/common/linux_socketcall.c        Sat Jun 21 10:23:07 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux_socketcall.c,v 1.43 2013/12/27 15:10:53 njoly Exp $      */
+/*     $NetBSD: linux_socketcall.c,v 1.44 2014/06/21 10:23:07 maxv Exp $       */
 
 /*-
  * Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_socketcall.c,v 1.43 2013/12/27 15:10:53 njoly Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_socketcall.c,v 1.44 2014/06/21 10:23:07 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/kernel.h>
@@ -125,7 +125,7 @@
        struct linux_socketcall_dummy_args lda;
        int error;
 
-       if (SCARG(uap, what) < 0 || SCARG(uap, what) > LINUX_MAX_SOCKETCALL)
+       if (SCARG(uap, what) <= 0 || SCARG(uap, what) > LINUX_MAX_SOCKETCALL)
                return ENOSYS;
 
        if ((error = copyin(SCARG(uap, args), &lda,
diff -r 9955dd930b80 -r 289c54e1f0bb sys/compat/linux32/common/linux32_socketcall.c
--- a/sys/compat/linux32/common/linux32_socketcall.c    Sat Jun 21 09:11:04 2014 +0000
+++ b/sys/compat/linux32/common/linux32_socketcall.c    Sat Jun 21 10:23:07 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: linux32_socketcall.c,v 1.8 2012/05/10 19:38:23 christos Exp $ */
+/*     $NetBSD: linux32_socketcall.c,v 1.9 2014/06/21 10:23:07 maxv Exp $ */
 
 /*-
  * Copyright (c) 2006 Emmanuel Dreyfus, all rights reserved.
@@ -31,7 +31,7 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux32_socketcall.c,v 1.8 2012/05/10 19:38:23 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux32_socketcall.c,v 1.9 2014/06/21 10:23:07 maxv Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -96,7 +96,7 @@
        union linux32_socketcall_args ua;
        int error;
 
-       if (SCARG(uap, what) < 0 || SCARG(uap, what) > LINUX32_MAX_SOCKETCALL)
+       if (SCARG(uap, what) <= 0 || SCARG(uap, what) > LINUX32_MAX_SOCKETCALL)
                return ENOSYS;
 
        if ((error = copyin(SCARG_P32(uap, args), &ua,



Home | Main Index | Thread Index | Old Index