Module Name: src
Committed By: rin
Date: Mon Mar 2 03:34:28 UTC 2020
Modified Files:
src/sys/arch/powerpc/booke: copyin.c
Log Message:
Let copyinstr(9) return ENAMETOOLONG correctly if source is not
NUL-terminated; it cannot be determined by (uint8_t)data == '\0'
since data is right shifted at the end of loop.
Found by POOL_REDZONE.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/sys/arch/powerpc/booke/copyin.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/powerpc/booke/copyin.c
diff -u src/sys/arch/powerpc/booke/copyin.c:1.7 src/sys/arch/powerpc/booke/copyin.c:1.8
--- src/sys/arch/powerpc/booke/copyin.c:1.7 Sun Apr 7 05:25:55 2019
+++ src/sys/arch/powerpc/booke/copyin.c Mon Mar 2 03:34:28 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: copyin.c,v 1.7 2019/04/07 05:25:55 thorpej Exp $ */
+/* $NetBSD: copyin.c,v 1.8 2020/03/02 03:34:28 rin Exp $ */
/*-
* Copyright (c) 2010, 2011 The NetBSD Foundation, Inc.
@@ -36,7 +36,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: copyin.c,v 1.7 2019/04/07 05:25:55 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: copyin.c,v 1.8 2020/03/02 03:34:28 rin Exp $");
#define __UFETCHSTORE_PRIVATE
@@ -306,6 +306,7 @@ copyinstr(const void *usaddr, void *kdad
{
struct pcb * const pcb = lwp_getpcb(curlwp);
struct faultbuf env;
+ int rv;
if (__predict_false(len == 0)) {
if (done)
@@ -313,7 +314,7 @@ copyinstr(const void *usaddr, void *kdad
return 0;
}
- int rv = setfault(&env);
+ rv = setfault(&env);
if (rv != 0) {
pcb->pcb_onfault = NULL;
if (done)
@@ -346,15 +347,14 @@ copyinstr(const void *usaddr, void *kdad
*kdaddr8++ = data;
if ((uint8_t) data == 0) {
copylen++;
- break;
+ goto out;
}
}
+ rv = ENAMETOOLONG;
+out:
pcb->pcb_onfault = NULL;
if (done)
*done = copylen;
- /*
- * If the last byte is not NUL (0), then the name is too long.
- */
- return (uint8_t)data ? ENAMETOOLONG : 0;
+ return rv;
}
