Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/dev/scsipi Add sanity checks to SCIOCCOMMAND, adapter dr...
details:   https://anonhg.NetBSD.org/src/rev/4828c35f09d2
branches:  trunk
changeset: 841625:4828c35f09d2
user:      mlelstv <mlelstv%NetBSD.org@localhost>
date:      Sun May 26 08:12:41 2019 +0000
description:
Add sanity checks to SCIOCCOMMAND, adapter drivers might be confused or trigger
assertions (e.g. umass).
diffstat:
 sys/dev/scsipi/scsipi_ioctl.c |  14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)
diffs (38 lines):
diff -r 6a462b4ee5d5 -r 4828c35f09d2 sys/dev/scsipi/scsipi_ioctl.c
--- a/sys/dev/scsipi/scsipi_ioctl.c     Sun May 26 07:47:37 2019 +0000
+++ b/sys/dev/scsipi/scsipi_ioctl.c     Sun May 26 08:12:41 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: scsipi_ioctl.c,v 1.70 2018/09/03 16:29:33 riastradh Exp $      */
+/*     $NetBSD: scsipi_ioctl.c,v 1.71 2019/05/26 08:12:41 mlelstv Exp $        */
 
 /*-
  * Copyright (c) 1998, 2004 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: scsipi_ioctl.c,v 1.70 2018/09/03 16:29:33 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: scsipi_ioctl.c,v 1.71 2019/05/26 08:12:41 mlelstv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_compat_freebsd.h"
@@ -328,10 +328,18 @@
                struct scsi_ioctl *si;
                int len;
 
+               len = screq->datalen;
+
+               /*
+                * If there is data, there must be a data buffer and a direction specified
+                */
+               if (len > 0 && (screq->databuf == NULL ||
+                   (screq->flags & (SCCMD_READ|SCCMD_WRITE)) == 0))
+                       return (EINVAL);
+
                si = si_get();
                si->si_screq = *screq;
                si->si_periph = periph;
-               len = screq->datalen;
                if (len) {
                        si->si_iov.iov_base = screq->databuf;
                        si->si_iov.iov_len = len;
Home |
Main Index |
Thread Index |
Old Index