Module Name: src
Committed By: christos
Date: Fri Sep 27 14:36:19 UTC 2019
Modified Files:
src/sys/miscfs/procfs: procfs_auxv.c procfs_cmdline.c procfs_limit.c
procfs_map.c
Log Message:
Instead of casting to size_t, cast to uintmax_t to prevent truncation
(pointed out by chuq). In all these cases uio_offset can't be negative.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/sys/miscfs/procfs/procfs_auxv.c
cvs rdiff -u -r1.31 -r1.32 src/sys/miscfs/procfs/procfs_cmdline.c
cvs rdiff -u -r1.2 -r1.3 src/sys/miscfs/procfs/procfs_limit.c
cvs rdiff -u -r1.46 -r1.47 src/sys/miscfs/procfs/procfs_map.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/miscfs/procfs/procfs_auxv.c
diff -u src/sys/miscfs/procfs/procfs_auxv.c:1.3 src/sys/miscfs/procfs/procfs_auxv.c:1.4
--- src/sys/miscfs/procfs/procfs_auxv.c:1.3 Thu Sep 26 13:34:08 2019
+++ src/sys/miscfs/procfs/procfs_auxv.c Fri Sep 27 10:36:18 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: procfs_auxv.c,v 1.3 2019/09/26 17:34:08 christos Exp $ */
+/* $NetBSD: procfs_auxv.c,v 1.4 2019/09/27 14:36:18 christos Exp $ */
/*-
* Copyright (c) 2017 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: procfs_auxv.c,v 1.3 2019/09/26 17:34:08 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: procfs_auxv.c,v 1.4 2019/09/27 14:36:18 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -52,7 +52,7 @@ procfs_doauxv(struct lwp *curl, struct p
if ((error = proc_getauxv(p, &buffer, &bufsize)) != 0)
return error;
- if ((size_t)uio->uio_offset < bufsize)
+ if ((uintmax_t)uio->uio_offset < bufsize)
error = uiomove((char *)buffer + uio->uio_offset,
bufsize - uio->uio_offset, uio);
else
Index: src/sys/miscfs/procfs/procfs_cmdline.c
diff -u src/sys/miscfs/procfs/procfs_cmdline.c:1.31 src/sys/miscfs/procfs/procfs_cmdline.c:1.32
--- src/sys/miscfs/procfs/procfs_cmdline.c:1.31 Thu Sep 26 13:34:08 2019
+++ src/sys/miscfs/procfs/procfs_cmdline.c Fri Sep 27 10:36:18 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: procfs_cmdline.c,v 1.31 2019/09/26 17:34:08 christos Exp $ */
+/* $NetBSD: procfs_cmdline.c,v 1.32 2019/09/27 14:36:18 christos Exp $ */
/*
* Copyright (c) 1999 Jaromir Dolecek <[email protected]>
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: procfs_cmdline.c,v 1.31 2019/09/26 17:34:08 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: procfs_cmdline.c,v 1.32 2019/09/27 14:36:18 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -52,7 +52,7 @@ procfs_doprocargs_helper(void *cookie, c
char *buf = __UNCONST(src);
buf += uio->uio_offset - off;
- if (off + len <= (size_t)uio->uio_offset)
+ if (off + len <= (uintmax_t)uio->uio_offset)
return 0;
return uiomove(buf, off + len - uio->uio_offset, cookie);
}
@@ -90,13 +90,13 @@ procfs_doprocargs(
return error;
}
len = strlen(p->p_comm);
- if (len >= (size_t)uio->uio_offset) {
+ if (len >= (uintmax_t)uio->uio_offset) {
start = uio->uio_offset - 1;
error = uiomove(p->p_comm + start, len - start, uio);
if (error)
return error;
}
- if (len + 2 >= (size_t)uio->uio_offset) {
+ if (len + 2 >= (uintmax_t)uio->uio_offset) {
start = uio->uio_offset - 1 - len;
error = uiomove(msg + 1 + start, 2 - start, uio);
}
Index: src/sys/miscfs/procfs/procfs_limit.c
diff -u src/sys/miscfs/procfs/procfs_limit.c:1.2 src/sys/miscfs/procfs/procfs_limit.c:1.3
--- src/sys/miscfs/procfs/procfs_limit.c:1.2 Thu Sep 26 13:34:08 2019
+++ src/sys/miscfs/procfs/procfs_limit.c Fri Sep 27 10:36:18 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: procfs_limit.c,v 1.2 2019/09/26 17:34:08 christos Exp $ */
+/* $NetBSD: procfs_limit.c,v 1.3 2019/09/27 14:36:18 christos Exp $ */
/*-
* Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: procfs_limit.c,v 1.2 2019/09/26 17:34:08 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: procfs_limit.c,v 1.3 2019/09/27 14:36:18 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -81,7 +81,7 @@ procfs_dolimit(struct lwp *curl, struct
pos += prl(buffer + pos, bufsize - pos, rl[i].rlim_max, '\n');
}
- if ((size_t)uio->uio_offset < pos)
+ if ((uintmax_t)uio->uio_offset < pos)
error = uiomove(buffer + uio->uio_offset,
pos - uio->uio_offset, uio);
else
Index: src/sys/miscfs/procfs/procfs_map.c
diff -u src/sys/miscfs/procfs/procfs_map.c:1.46 src/sys/miscfs/procfs/procfs_map.c:1.47
--- src/sys/miscfs/procfs/procfs_map.c:1.46 Thu Sep 26 13:34:08 2019
+++ src/sys/miscfs/procfs/procfs_map.c Fri Sep 27 10:36:19 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: procfs_map.c,v 1.46 2019/09/26 17:34:08 christos Exp $ */
+/* $NetBSD: procfs_map.c,v 1.47 2019/09/27 14:36:19 christos Exp $ */
/*
* Copyright (c) 1993
@@ -76,7 +76,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: procfs_map.c,v 1.46 2019/09/26 17:34:08 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: procfs_map.c,v 1.47 2019/09/27 14:36:19 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -216,7 +216,7 @@ again:
* The map could have changed between the two reads, and
* that could result in junk, but typically it does not.
*/
- if ((size_t)uio->uio_offset < pos)
+ if ((uintmax_t)uio->uio_offset < pos)
error = uiomove(buffer + uio->uio_offset,
pos - uio->uio_offset, uio);
else
