Module Name:    src
Committed By:   dholland
Date:           Wed Feb 17 17:39:08 UTC 2021

Modified Files:
        src/sys/kern: vfs_syscalls.c

Log Message:
Don't allow callers of fsync_range() to trigger UB in the kernel.

(also prohibit syncing ranges at start offsets less than zero)


To generate a diff of this commit:
cvs rdiff -u -r1.548 -r1.549 src/sys/kern/vfs_syscalls.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/vfs_syscalls.c
diff -u src/sys/kern/vfs_syscalls.c:1.548 src/sys/kern/vfs_syscalls.c:1.549
--- src/sys/kern/vfs_syscalls.c:1.548	Sat May 16 18:31:50 2020
+++ src/sys/kern/vfs_syscalls.c	Wed Feb 17 17:39:08 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_syscalls.c,v 1.548 2020/05/16 18:31:50 christos Exp $	*/
+/*	$NetBSD: vfs_syscalls.c,v 1.549 2021/02/17 17:39:08 dholland Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009, 2019, 2020 The NetBSD Foundation, Inc.
@@ -70,7 +70,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.548 2020/05/16 18:31:50 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.549 2021/02/17 17:39:08 dholland Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_fileassoc.h"
@@ -4198,11 +4198,12 @@ sys_fsync_range(struct lwp *l, const str
 	/* If length == 0, we do the whole file, and s = e = 0 will do that */
 	if (len) {
 		s = SCARG(uap, start);
-		e = s + len;
-		if (e < s) {
+		if (s < 0 || len < 0 || len > OFF_T_MAX - s) {
 			error = EINVAL;
 			goto out;
 		}
+		e = s + len;
+		KASSERT(s <= e);
 	} else {
 		e = 0;
 		s = 0;
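Review bot: The new range check in the `if (len)` branch depends on its left-to-right order: `s < 0` must be rejected before `OFF_T_MAX - s` is evaluated, or the guard itself could overflow. A comment would stop a later edit from reordering it, e.g. `/* s >= 0 is tested first so that OFF_T_MAX - s cannot itself overflow */`. The validation only runs when `len` is non-zero, so a negative `start` with `len == 0` still reaches the whole-file path unchecked. That looks intentional given the existing comment, but it is worth confirming against the documented contract, since the log message says negative start offsets are prohibited. Because `len` is non-zero and non-negative by that point, the assertion could be the stricter `KASSERT(s < e);`. The declarations of `s`, `e` and `len` (presumably `off_t`) and the rest of sys_fsync_range lie outside the hunk.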
