Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern readv(2), writev(2): Avoid arithmetic overflow in b...
details: https://anonhg.NetBSD.org/src/rev/81e488851258
branches: trunk
changeset: 368429:81e488851258
user: riastradh <riastradh%NetBSD.org@localhost>
date: Sun Jul 10 23:12:12 2022 +0000
description:
readv(2), writev(2): Avoid arithmetic overflow in bounds check.
diffstat:
sys/kern/sys_generic.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diffs (38 lines):
diff -r df1d120e3fec -r 81e488851258 sys/kern/sys_generic.c
--- a/sys/kern/sys_generic.c Sun Jul 10 23:11:55 2022 +0000
+++ b/sys/kern/sys_generic.c Sun Jul 10 23:12:12 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_generic.c,v 1.133 2021/09/11 10:08:55 riastradh Exp $ */
+/* $NetBSD: sys_generic.c,v 1.134 2022/07/10 23:12:12 riastradh Exp $ */
/*-
* Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -70,7 +70,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_generic.c,v 1.133 2021/09/11 10:08:55 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_generic.c,v 1.134 2022/07/10 23:12:12 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -255,7 +255,8 @@
* Therefore we must restrict the length to SSIZE_MAX to
* avoid garbage return values.
*/
- if (iov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) {
+ if (iov->iov_len > SSIZE_MAX ||
+ auio.uio_resid > SSIZE_MAX - iov->iov_len) {
error = EINVAL;
goto done;
}
@@ -456,7 +457,8 @@
* Therefore we must restrict the length to SSIZE_MAX to
* avoid garbage return values.
*/
- if (iov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) {
+ if (iov->iov_len > SSIZE_MAX ||
+ auio.uio_resid > SSIZE_MAX - iov->iov_len) {
error = EINVAL;
goto done;
}
Home |
Main Index |
Thread Index |
Old Index