CVS commit: src/sys

SAITOH Masanobu Thu, 16 Jul 2020 08:02:22 -0700

Module Name:    src
Committed By:   msaitoh
Date:           Thu Jul 16 15:02:08 UTC 2020


Modified Files:
        src/sys/compat/common: uipc_syscalls_40.c
        src/sys/compat/linux/common: linux_socket.c
        src/sys/compat/linux32/common: linux32_socket.c
        src/sys/net: if.c

Log Message:
 Don't accept negative value.

Reported-by: [email protected]


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/sys/compat/common/uipc_syscalls_40.c
cvs rdiff -u -r1.149 -r1.150 src/sys/compat/linux/common/linux_socket.c
cvs rdiff -u -r1.30 -r1.31 src/sys/compat/linux32/common/linux32_socket.c
cvs rdiff -u -r1.478 -r1.479 src/sys/net/if.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/compat/common/uipc_syscalls_40.c
diff -u src/sys/compat/common/uipc_syscalls_40.c:1.22 src/sys/compat/common/uipc_syscalls_40.c:1.23
--- src/sys/compat/common/uipc_syscalls_40.c:1.22	Sat Feb 22 09:42:20 2020
+++ src/sys/compat/common/uipc_syscalls_40.c	Thu Jul 16 15:02:08 2020
@@ -1,9 +1,9 @@
-/*	$NetBSD: uipc_syscalls_40.c,v 1.22 2020/02/22 09:42:20 maxv Exp $	*/
+/*	$NetBSD: uipc_syscalls_40.c,v 1.23 2020/07/16 15:02:08 msaitoh Exp $	*/
 
 /* written by Pavel Cahyna, 2006. Public domain. */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls_40.c,v 1.22 2020/02/22 09:42:20 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls_40.c,v 1.23 2020/07/16 15:02:08 msaitoh Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@@ -54,11 +54,14 @@ compat_ifconf(u_long cmd, void *data)
 		return ENOSYS;
 	}
 
-	memset(&ifr, 0, sizeof(ifr));
 	if (docopy) {
+		if (ifc->ifc_len < 0)
+			return EINVAL;
+
 		space = ifc->ifc_len;
 		ifrp = ifc->ifc_req;
 	}
+	memset(&ifr, 0, sizeof(ifr));
 
 	bound = curlwp_bind();
 	s = pserialize_read_enter();

Index: src/sys/compat/linux/common/linux_socket.c
diff -u src/sys/compat/linux/common/linux_socket.c:1.149 src/sys/compat/linux/common/linux_socket.c:1.150
--- src/sys/compat/linux/common/linux_socket.c:1.149	Sun Sep  8 18:46:32 2019
+++ src/sys/compat/linux/common/linux_socket.c	Thu Jul 16 15:02:08 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: linux_socket.c,v 1.149 2019/09/08 18:46:32 maxv Exp $	*/
+/*	$NetBSD: linux_socket.c,v 1.150 2020/07/16 15:02:08 msaitoh Exp $	*/
 
 /*-
  * Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.149 2019/09/08 18:46:32 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.150 2020/07/16 15:02:08 msaitoh Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -1140,12 +1140,15 @@ linux_getifconf(struct lwp *l, register_
 	if (error)
 		return error;
 
-	memset(&ifr, 0, sizeof(ifr));
 	docopy = ifc.ifc_req != NULL;
 	if (docopy) {
+		if (ifc.ifc_len < 0)
+			return EINVAL;
+
 		space = ifc.ifc_len;
 		ifrp = ifc.ifc_req;
 	}
+	memset(&ifr, 0, sizeof(ifr));
 
 	bound = curlwp_bind();
 	s = pserialize_read_enter();

Index: src/sys/compat/linux32/common/linux32_socket.c
diff -u src/sys/compat/linux32/common/linux32_socket.c:1.30 src/sys/compat/linux32/common/linux32_socket.c:1.31
--- src/sys/compat/linux32/common/linux32_socket.c:1.30	Thu Apr 18 17:45:12 2019
+++ src/sys/compat/linux32/common/linux32_socket.c	Thu Jul 16 15:02:08 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: linux32_socket.c,v 1.30 2019/04/18 17:45:12 christos Exp $ */
+/*	$NetBSD: linux32_socket.c,v 1.31 2020/07/16 15:02:08 msaitoh Exp $ */
 
 /*-
  * Copyright (c) 2006 Emmanuel Dreyfus, all rights reserved.
@@ -33,7 +33,7 @@
 
 #include <sys/cdefs.h>
 
-__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.30 2019/04/18 17:45:12 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.31 2020/07/16 15:02:08 msaitoh Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -431,12 +431,15 @@ linux32_getifconf(struct lwp *l, registe
 	if (error)
 		return error;
 
-	memset(&ifr, 0, sizeof(ifr));
 	docopy = NETBSD32PTR64(ifc.ifc_req) != NULL;
 	if (docopy) {
+		if (ifc.ifc_len < 0)
+			return EINVAL;
+
 		space = ifc.ifc_len;
 		ifrp = NETBSD32PTR64(ifc.ifc_req);
 	}
+	memset(&ifr, 0, sizeof(ifr));
 
 	bound = curlwp_bind();
 	s = pserialize_read_enter();

Index: src/sys/net/if.c
diff -u src/sys/net/if.c:1.478 src/sys/net/if.c:1.479
--- src/sys/net/if.c:1.478	Fri Jun 12 11:04:45 2020
+++ src/sys/net/if.c	Thu Jul 16 15:02:08 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.478 2020/06/12 11:04:45 roy Exp $	*/
+/*	$NetBSD: if.c,v 1.479 2020/07/16 15:02:08 msaitoh Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.478 2020/06/12 11:04:45 roy Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.479 2020/07/16 15:02:08 msaitoh Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -3484,11 +3484,14 @@ ifconf(u_long cmd, void *data)
 	int bound;
 	struct psref psref;
 
-	memset(&ifr, 0, sizeof(ifr));
 	if (docopy) {
+		if (ifc->ifc_len < 0)
+			return EINVAL;
+
 		space = ifc->ifc_len;
 		ifrp = ifc->ifc_req;
 	}
+	memset(&ifr, 0, sizeof(ifr));
 
 	bound = curlwp_bind();
 	s = pserialize_read_enter();

CVS commit: src/sys

Reply via email to