Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-2-0]: src/sys/miscfs/kernfs Pull up following revision(s) (reques...



details:   https://anonhg.NetBSD.org/src/rev/45a69ed6b6a5
branches:  netbsd-2-0
changeset: 564843:45a69ed6b6a5
user:      riz <riz%NetBSD.org@localhost>
date:      Thu Sep 01 17:53:25 2005 +0000

description:
Pull up following revision(s) (requested by christos in ticket #5637):
        sys/miscfs/kernfs/kernfs_vnops.c: revision 1.112
Also protect the ipsec ioctls from negative offsets to prevent panics
in m_copydata(). Pointed out by Karl Janmar. Move the negative offset
check from kernfs_xread() to kernfs_read().

diffstat:

 sys/miscfs/kernfs/kernfs_vnops.c |  12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diffs (40 lines):

diff -r 6d542d8a2dcc -r 45a69ed6b6a5 sys/miscfs/kernfs/kernfs_vnops.c
--- a/sys/miscfs/kernfs/kernfs_vnops.c  Wed Aug 31 13:43:38 2005 +0000
+++ b/sys/miscfs/kernfs/kernfs_vnops.c  Thu Sep 01 17:53:25 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kernfs_vnops.c,v 1.98.2.5 2005/08/31 13:29:11 tron Exp $       */
+/*     $NetBSD: kernfs_vnops.c,v 1.98.2.6 2005/09/01 17:53:25 riz Exp $        */
 
 /*
  * Copyright (c) 1992, 1993
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kernfs_vnops.c,v 1.98.2.5 2005/08/31 13:29:11 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kernfs_vnops.c,v 1.98.2.6 2005/09/01 17:53:25 riz Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_ipsec.h"
@@ -426,10 +426,6 @@
                 * message buffer header are corrupted, but that'll cause
                 * the system to die anyway.
                 */
-               if (off < 0) {
-                       *wrlen = 0;
-                       return EINVAL;
-               }
                if (off >= msgbufp->msg_bufs) {
                        *wrlen = 0;
                        return (0);
@@ -942,6 +938,10 @@
        if (ap->a_vp->v_type == VDIR)
                return (EOPNOTSUPP);
 
+       /* Don't allow negative offsets */
+       if (uio->uio_offset < 0)
+               return EINVAL;
+
        off = uio->uio_offset;
        buf = strbuf;
        if ((error = kernfs_xread(kfs, off, &buf, sizeof(strbuf), &len)) == 0)



Home | Main Index | Thread Index | Old Index