[src/trunk]: src/sys/kern kobj(9): Forbid reading negative offsets.

[riastradh <riastradh%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/11cba91bbe66
branches:  trunk
changeset: 371871:11cba91bbe66
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Sat Oct 15 15:22:27 2022 +0000

description:
kobj(9): Forbid reading negative offsets.

Shouldn't have any functional change, but let's fail with EINVAL
rather than reading arbitrarily distant memory.

diffstat:

 sys/kern/subr_kobj.c |  11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diffs (32 lines):

diff -r 435bacfc7197 -r 11cba91bbe66 sys/kern/subr_kobj.c
--- a/sys/kern/subr_kobj.c      Sat Oct 15 15:20:46 2022 +0000
+++ b/sys/kern/subr_kobj.c      Sat Oct 15 15:22:27 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: subr_kobj.c,v 1.69 2021/08/21 23:00:32 andvar Exp $    */
+/*     $NetBSD: subr_kobj.c,v 1.70 2022/10/15 15:22:27 riastradh Exp $ */
 
 /*
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_kobj.c,v 1.69 2021/08/21 23:00:32 andvar Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_kobj.c,v 1.70 2022/10/15 15:22:27 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_modular.h"
@@ -1149,7 +1149,12 @@
 
        KASSERT(ko->ko_source != NULL);
 
-       if (ko->ko_memsize != -1 && off + size > ko->ko_memsize) {
+       if (off < 0) {
+               kobj_error(ko, "negative offset %lld",
+                   (unsigned long long)off);
+               error = EINVAL;
+               base = NULL;
+       } else if (ko->ko_memsize != -1 && off + size > ko->ko_memsize) {
                kobj_error(ko, "preloaded object short");
                error = EINVAL;
                base = NULL;