Module Name: src Committed By: christos Date: Fri Sep 27 14:36:19 UTC 2019
Modified Files: src/sys/miscfs/procfs: procfs_auxv.c procfs_cmdline.c procfs_limit.c procfs_map.c Log Message: Instead of casting to size_t, cast to uintmax_t to prevent truncation (pointed out by chuq). In all these cases uio_offset can't be negative. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/sys/miscfs/procfs/procfs_auxv.c cvs rdiff -u -r1.31 -r1.32 src/sys/miscfs/procfs/procfs_cmdline.c cvs rdiff -u -r1.2 -r1.3 src/sys/miscfs/procfs/procfs_limit.c cvs rdiff -u -r1.46 -r1.47 src/sys/miscfs/procfs/procfs_map.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/miscfs/procfs/procfs_auxv.c
diff -u src/sys/miscfs/procfs/procfs_auxv.c:1.3 src/sys/miscfs/procfs/procfs_auxv.c:1.4
--- src/sys/miscfs/procfs/procfs_auxv.c:1.3 Thu Sep 26 13:34:08 2019
+++ src/sys/miscfs/procfs/procfs_auxv.c Fri Sep 27 10:36:18 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: procfs_auxv.c,v 1.3 2019/09/26 17:34:08 christos Exp $ */
+/* $NetBSD: procfs_auxv.c,v 1.4 2019/09/27 14:36:18 christos Exp $ */
/*-
* Copyright (c) 2017 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: procfs_auxv.c,v 1.3 2019/09/26 17:34:08 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: procfs_auxv.c,v 1.4 2019/09/27 14:36:18 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -52,7 +52,7 @@ procfs_doauxv(struct lwp *curl, struct p
if ((error = proc_getauxv(p, &buffer, &bufsize)) != 0)
return error;
- if ((size_t)uio->uio_offset < bufsize)
+ if ((uintmax_t)uio->uio_offset < bufsize)
error = uiomove((char *)buffer + uio->uio_offset, bufsize - uio->uio_offset, uio);
else
Index: src/sys/miscfs/procfs/procfs_cmdline.c
diff -u src/sys/miscfs/procfs/procfs_cmdline.c:1.31 src/sys/miscfs/procfs/procfs_cmdline.c:1.32
--- src/sys/miscfs/procfs/procfs_cmdline.c:1.31 Thu Sep 26 13:34:08 2019
+++ src/sys/miscfs/procfs/procfs_cmdline.c Fri Sep 27 10:36:18 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: procfs_cmdline.c,v 1.31 2019/09/26 17:34:08 christos Exp $ */
+/* $NetBSD: procfs_cmdline.c,v 1.32 2019/09/27 14:36:18 christos Exp $ */
/*
* Copyright (c) 1999 Jaromir Dolecek <dole...@ics.muni.cz>
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: procfs_cmdline.c,v 1.31 2019/09/26 17:34:08 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: procfs_cmdline.c,v 1.32 2019/09/27 14:36:18 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
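Review bot: The offset test in the procfs_doauxv hunk, `(uintmax_t)uio->uio_offset < bufsize`, is still open-coded, and the invariant it leans on (uio_offset is never negative) is recorded only in the commit log. A negative offset would wrap to a very large value and take the `else` branch, whose body is outside the hunk, so the widening cast looks safe, but the reason belongs next to the code, e.g. `/* widen, don't truncate: a 64-bit offset must not alias a small one */`. Alternatively `error = uiomove_frombuf(buffer, bufsize, uio);` keeps the range check in one place; it returns EINVAL for a negative or unrepresentable offset, so confirm that matches what the else branch does today. The same pattern recurs in the procfs_dolimit and procfs_map.c hunks.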
@@ -52,7 +52,7 @@ procfs_doprocargs_helper(void *cookie, c
char *buf = __UNCONST(src);
buf += uio->uio_offset - off;
- if (off + len <= (size_t)uio->uio_offset)
+ if (off + len <= (uintmax_t)uio->uio_offset)
return 0;
return uiomove(buf, off + len - uio->uio_offset, cookie);
}
@@ -90,13 +90,13 @@ procfs_doprocargs(
return error;
}
len = strlen(p->p_comm);
- if (len >= (size_t)uio->uio_offset) {
+ if (len >= (uintmax_t)uio->uio_offset) {
start = uio->uio_offset - 1;
error = uiomove(p->p_comm + start, len - start, uio);
if (error)
return error;
}
- if (len + 2 >= (size_t)uio->uio_offset) {
+ if (len + 2 >= (uintmax_t)uio->uio_offset) {
start = uio->uio_offset - 1 - len;
error = uiomove(msg + 1 + start, 2 - start, uio);
}
Index: src/sys/miscfs/procfs/procfs_limit.c
diff -u src/sys/miscfs/procfs/procfs_limit.c:1.2 src/sys/miscfs/procfs/procfs_limit.c:1.3
--- src/sys/miscfs/procfs/procfs_limit.c:1.2 Thu Sep 26 13:34:08 2019
+++ src/sys/miscfs/procfs/procfs_limit.c Fri Sep 27 10:36:18 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: procfs_limit.c,v 1.2 2019/09/26 17:34:08 christos Exp $ */
+/* $NetBSD: procfs_limit.c,v 1.3 2019/09/27 14:36:18 christos Exp $ */
/*-
* Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: procfs_limit.c,v 1.2 2019/09/26 17:34:08 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: procfs_limit.c,v 1.3 2019/09/27 14:36:18 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
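Review bot: In procfs_doprocargs_helper the adjustment `buf += uio->uio_offset - off;` runs before the guard, so for an offset at or past `off + len` an out-of-range pointer is formed before the early return. The guard also bounds only the upper side: nothing in the visible lines handles `uio->uio_offset < off`, where buf would point before src and the length handed to uiomove would exceed len. Presumably the caller feeds chunks in order and uiomove stops at uio_resid, but neither is visible here. I would move the adjustment below the guard and add a comment stating what the caller guarantees about off relative to uio_offset. The function's signature starts outside the hunk.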
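Review bot: `start = uio->uio_offset - 1;` under `if (len >= (uintmax_t)uio->uio_offset)` goes below zero when the offset is 0, and `start = uio->uio_offset - 1 - len;` does the same whenever the offset is not past len; both conditions admit those values. Whether that is reachable depends on code before the hunk and on the type of start, neither visible here, and uiomove is presumably bounded by uio_resid, so it may be harmless in practice. A lower bound would make each block safe on its own, e.g. `if (uio->uio_offset >= 1 && len >= (uintmax_t)uio->uio_offset) {` and `if ((uintmax_t)uio->uio_offset > len && len + 2 >= (uintmax_t)uio->uio_offset) {`. The body of procfs_doprocargs starts and ends outside the hunk.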
@@ -81,7 +81,7 @@ procfs_dolimit(struct lwp *curl, struct
pos += prl(buffer + pos, bufsize - pos, rl[i].rlim_max, '\n');
}
- if ((size_t)uio->uio_offset < pos)
+ if ((uintmax_t)uio->uio_offset < pos)
error = uiomove(buffer + uio->uio_offset, pos - uio->uio_offset, uio);
else
Index: src/sys/miscfs/procfs/procfs_map.c
diff -u src/sys/miscfs/procfs/procfs_map.c:1.46 src/sys/miscfs/procfs/procfs_map.c:1.47
--- src/sys/miscfs/procfs/procfs_map.c:1.46 Thu Sep 26 13:34:08 2019
+++ src/sys/miscfs/procfs/procfs_map.c Fri Sep 27 10:36:19 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: procfs_map.c,v 1.46 2019/09/26 17:34:08 christos Exp $ */
+/* $NetBSD: procfs_map.c,v 1.47 2019/09/27 14:36:19 christos Exp $ */
/*
* Copyright (c) 1993
@@ -76,7 +76,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: procfs_map.c,v 1.46 2019/09/26 17:34:08 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: procfs_map.c,v 1.47 2019/09/27 14:36:19 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -216,7 +216,7 @@ again:
* The map could have changed between the two reads, and
* that could result in junk, but typically it does not.
*/
- if ((size_t)uio->uio_offset < pos)
+ if ((uintmax_t)uio->uio_offset < pos)
error = uiomove(buffer + uio->uio_offset, pos - uio->uio_offset, uio);
else