CVS commit: src/sys/miscfs/umapfs

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Mon Aug 11 14:02:14 UTC 2014

Modified Files:
src/sys/miscfs/umapfs: umap_vfsops.c

Log Message:
1) 'error' is returned while it does not even hold an error code. Which
   means that zero is returned, and the kernel keeps mounting (and it
   probably ends up in a deadlock/memory corruption somewhere).
2) 'nentries' and 'gnentries' are int and user-controlled, and there's no
   check to ensure they are greater than zero. Since they are used to
   compute the size of two copyin's, a user can control the copied size
   by giving a negative value (like 128-2^29), and thus overwrite kernel
   memory.

Both triggerable from root only.


To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.94 src/sys/miscfs/umapfs/umap_vfsops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/miscfs/umapfs

[Juergen Hannken-Illjes]

Module Name:src
Committed By:   hannken
Date:   Sun Feb  9 17:18:38 UTC 2014

Modified Files:
src/sys/miscfs/umapfs: umap_vnops.c

Log Message:
Adjust comment and change vput() to vrele().  This change got missed
when changing vnode creation operations to return unlocked result.


To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.55 src/sys/miscfs/umapfs/umap_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.