CVS commit: [netbsd-4] src/sys/coda

Wed, 04 Aug 2010 04:01:21 -0700 

Module Name:    src
Committed By:   bouyer
Date:           Wed Aug  4 11:00:06 UTC 2010

Modified Files:
        src/sys/coda [netbsd-4]: coda.h coda_venus.c coda_vnops.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1400):
        sys/coda/coda_venus.c: revision 1.28
        sys/coda/coda_vnops.c: revision 1.76
        sys/coda/coda.h: revision 1.16
Correct incomplete size checks for the coda ioctls. From Dan Rosenberg.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.13.18.1 src/sys/coda/coda.h
cvs rdiff -u -r1.24 -r1.24.12.1 src/sys/coda/coda_venus.c
cvs rdiff -u -r1.50.8.3 -r1.50.8.4 src/sys/coda/coda_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/coda/coda.h
diff -u src/sys/coda/coda.h:1.13 src/sys/coda/coda.h:1.13.18.1
--- src/sys/coda/coda.h:1.13	Thu Mar  2 14:24:57 2006
+++ src/sys/coda/coda.h	Wed Aug  4 11:00:06 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: coda.h,v 1.13 2006/03/02 14:24:57 gdt Exp $ */
+/* $NetBSD: coda.h,v 1.13.18.1 2010/08/04 11:00:06 bouyer Exp $ */
 
 /*
 
@@ -793,8 +793,8 @@
 #define PIOCPARM_MASK 0x0000ffff
 struct ViceIoctl {
         caddr_t in, out;        /* Data to be transferred in, or out */
-        short in_size;          /* Size of input buffer <= 2K */
-        short out_size;         /* Maximum size of output buffer, <= 2K */
+        unsigned short in_size; /* Size of input buffer <= 2K */
+        unsigned short out_size;/* Maximum size of output buffer, <= 2K */
 };
 
 struct PioctlData {

Index: src/sys/coda/coda_venus.c
diff -u src/sys/coda/coda_venus.c:1.24 src/sys/coda/coda_venus.c:1.24.12.1
--- src/sys/coda/coda_venus.c:1.24	Sun May 14 21:24:49 2006
+++ src/sys/coda/coda_venus.c	Wed Aug  4 11:00:06 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: coda_venus.c,v 1.24 2006/05/14 21:24:49 elad Exp $	*/
+/*	$NetBSD: coda_venus.c,v 1.24.12.1 2010/08/04 11:00:06 bouyer Exp $	*/
 
 /*
  *
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: coda_venus.c,v 1.24 2006/05/14 21:24:49 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: coda_venus.c,v 1.24.12.1 2010/08/04 11:00:06 bouyer Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -308,7 +308,7 @@
     tmp = ((com >> 16) & IOCPARM_MASK) - sizeof (char *) - sizeof (int);
     inp->cmd |= (tmp & IOCPARM_MASK) <<	16;
 
-    if (iap->vi.in_size < 0 || iap->vi.in_size > VC_MAXMSGSIZE) {
+    if (iap->vi.in_size > VC_MAXMSGSIZE || iap->vi.out_size > VC_MAXMSGSIZE) {
 	CODA_FREE(inp, coda_ioctl_size);
 	return (EINVAL);
     }

Index: src/sys/coda/coda_vnops.c
diff -u src/sys/coda/coda_vnops.c:1.50.8.3 src/sys/coda/coda_vnops.c:1.50.8.4
--- src/sys/coda/coda_vnops.c:1.50.8.3	Wed Jun  6 21:11:18 2007
+++ src/sys/coda/coda_vnops.c	Wed Aug  4 11:00:06 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: coda_vnops.c,v 1.50.8.3 2007/06/06 21:11:18 bouyer Exp $	*/
+/*	$NetBSD: coda_vnops.c,v 1.50.8.4 2010/08/04 11:00:06 bouyer Exp $	*/
 
 /*
  *
@@ -46,7 +46,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: coda_vnops.c,v 1.50.8.3 2007/06/06 21:11:18 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: coda_vnops.c,v 1.50.8.4 2010/08/04 11:00:06 bouyer Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -546,7 +546,7 @@
 	return(EINVAL);
     }
 
-    if (iap->vi.in_size > VC_MAXDATASIZE) {
+    if (iap->vi.in_size > VC_MAXDATASIZE || iap->vi.out_size > VC_MAXDATASIZE) {
 	vrele(tvp);
 	return(EINVAL);
     }

Reply via email to