Module Name: src Committed By: pooka Date: Fri Feb 18 16:10:10 UTC 2011
Modified Files: src/lib/librmt: rmtlib.c Log Message: Improve isrmt() check: it cannot be a rmt fd if there are no pipes open for the fd. Prevents collision with rumphijack. Also, prevent potential hyperspace memory access. Does someone want to write tests for this facility? To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 src/lib/librmt/rmtlib.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/librmt/rmtlib.c diff -u src/lib/librmt/rmtlib.c:1.22 src/lib/librmt/rmtlib.c:1.23 --- src/lib/librmt/rmtlib.c:1.22 Tue Aug 31 05:12:35 2010 +++ src/lib/librmt/rmtlib.c Fri Feb 18 16:10:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: rmtlib.c,v 1.22 2010/08/31 05:12:35 enami Exp $ */ +/* $NetBSD: rmtlib.c,v 1.23 2011/02/18 16:10:09 pooka Exp $ */ /* * rmt --- remote tape emulator subroutines @@ -28,7 +28,7 @@ */ #include <sys/cdefs.h> -__RCSID("$NetBSD: rmtlib.c,v 1.22 2010/08/31 05:12:35 enami Exp $"); +__RCSID("$NetBSD: rmtlib.c,v 1.23 2011/02/18 16:10:09 pooka Exp $"); #define RMTIOCTL 1 /* #define USE_REXEC 1 */ /* rexec code courtesy of Dan Kegel, srs!dan */ @@ -670,8 +670,10 @@ int isrmt(int fd) { + int unbias = fd - REM_BIAS; - return (fd >= REM_BIAS); + return (fd >= REM_BIAS) && unbias < MAXUNIT && + (WRITE(unbias) != -1 || READ(unbias) != -1); }