Module Name: src
Committed By: riastradh
Date: Tue Oct 1 17:18:46 UTC 2024
Modified Files:
src/sys/compat/linux/common: linux_file.c
Log Message:
linux_sys_copy_file_range: Avoid more UB arithmetic overflow.
Need to check the input offset too, not just the output offset.
No functional change in the non-UB case.
To generate a diff of this commit:
cvs rdiff -u -r1.131 -r1.132 src/sys/compat/linux/common/linux_file.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/compat/linux/common/linux_file.c
diff -u src/sys/compat/linux/common/linux_file.c:1.131 src/sys/compat/linux/common/linux_file.c:1.132
--- src/sys/compat/linux/common/linux_file.c:1.131 Tue Oct 1 17:15:59 2024
+++ src/sys/compat/linux/common/linux_file.c Tue Oct 1 17:18:45 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: linux_file.c,v 1.131 2024/10/01 17:15:59 riastradh Exp $ */
+/* $NetBSD: linux_file.c,v 1.132 2024/10/01 17:18:45 riastradh Exp $ */
/*-
* Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_file.c,v 1.131 2024/10/01 17:15:59 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_file.c,v 1.132 2024/10/01 17:18:45 riastradh Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -1156,7 +1156,8 @@ linux_sys_copy_file_range(lwp_t *l,
have_off_out = true;
}
- if (off_out < 0 || len > OFF_MAX - off_out) {
+ if (off_out < 0 || len > OFF_MAX - off_out ||
+ off_in < 0 || len > OFF_MAX - off_in) {
DPRINTF("%s: New size is greater than OFF_MAX\n", __func__);
error = EFBIG;
goto out;
