Module Name: src Committed By: sborrill Date: Fri Apr 25 15:43:51 UTC 2014
Modified Files: src/sys/coda [netbsd-5]: coda_vfsops.c src/sys/fs/adosfs [netbsd-5]: advfsops.c src/sys/fs/cd9660 [netbsd-5]: cd9660_vfsops.c src/sys/fs/efs [netbsd-5]: efs_vfsops.c src/sys/fs/filecorefs [netbsd-5]: filecore_vfsops.c src/sys/fs/hfs [netbsd-5]: hfs_vfsops.c src/sys/fs/msdosfs [netbsd-5]: msdosfs_vfsops.c src/sys/fs/ntfs [netbsd-5]: ntfs_vfsops.c src/sys/fs/ptyfs [netbsd-5]: ptyfs_vfsops.c src/sys/fs/puffs [netbsd-5]: puffs_vfsops.c src/sys/fs/smbfs [netbsd-5]: smbfs_vfsops.c src/sys/fs/sysvbfs [netbsd-5]: sysvbfs_vfsops.c src/sys/fs/tmpfs [netbsd-5]: tmpfs_vfsops.c src/sys/fs/udf [netbsd-5]: udf_vfsops.c src/sys/fs/union [netbsd-5]: union_vfsops.c src/sys/fs/unionfs [netbsd-5]: unionfs_vfsops.c src/sys/kern [netbsd-5]: vfs_syscalls.c src/sys/miscfs/nullfs [netbsd-5]: null_vfsops.c src/sys/miscfs/overlay [netbsd-5]: overlay_vfsops.c src/sys/miscfs/procfs [netbsd-5]: procfs_vfsops.c src/sys/miscfs/umapfs [netbsd-5]: umap_vfsops.c src/sys/nfs [netbsd-5]: nfs_vfsops.c src/sys/ufs/ext2fs [netbsd-5]: ext2fs_vfsops.c src/sys/ufs/ffs [netbsd-5]: ffs_vfsops.c src/sys/ufs/lfs [netbsd-5]: lfs_vfsops.c src/sys/ufs/mfs [netbsd-5]: mfs_vfsops.c Log Message: Pull up the following revisions(s) (requested by maxv in ticket #1901): sys/kern/vfs_syscalls.c: revision 1.478, 1.480 via patch sys/coda/coda_vfsops.c: revision 1.81 sys/fs/adosfs/advfsops.c: revision 1.70 sys/fs/cd9660/cd9660_vfsops.c: revision 1.84 sys/fs/efs/efs_vfsops.c: revision 1.25 sys/fs/filecorefs/filecore_vfsops.c: revision 1.76 sys/fs/hfs/hfs_vfsops.c: revision 1.31 sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107 sys/fs/ntfs/ntfs_vfsops.c: revision 1.94 sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50 via patch sys/fs/puffs/puffs_vfsops.c: revision 1.110 via patch sys/fs/smbfs/smbfs_vfsops.c: revision 1.100 sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43 sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59 via patch sys/fs/udf/udf_vfsops.c: revision 1.67 sys/fs/union/union_vfsops.c: revision 1.72 sys/fs/unionfs/unionfs_vfsops.c: revision 1.13 sys/kern/vfs_syscalls.c: revision 1.479 sys/miscfs/nullfs/null_vfsops.c: revision 1.88 via patch sys/miscfs/overlay/overlay_vfsops.c: revision 1.61 sys/miscfs/procfs/procfs_vfsops.c: revision 1.91 sys/miscfs/umapfs/umap_vfsops.c: revision 1.92 sys/nfs/nfs_vfsops.c: revision 1.227 sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180 sys/ufs/ffs/ffs_vfsops.c: revision 1.297 sys/ufs/lfs/lfs_vfsops.c: revision 1.321 sys/ufs/mfs/mfs_vfsops.c: revision 1.107 Due to missing checks in the mount syscall, and a wrong assumption on the file systems side, the kernel could allocate an unbounded or zero-sized memory buffer, and could dereference a NULL pointer when particular arguments are given by a user. To generate a diff of this commit: cvs rdiff -u -r1.66 -r1.66.8.1 src/sys/coda/coda_vfsops.c cvs rdiff -u -r1.53 -r1.53.6.1 src/sys/fs/adosfs/advfsops.c cvs rdiff -u -r1.63.6.1 -r1.63.6.2 src/sys/fs/cd9660/cd9660_vfsops.c cvs rdiff -u -r1.16.4.1 -r1.16.4.2 src/sys/fs/efs/efs_vfsops.c cvs rdiff -u -r1.55 -r1.55.6.1 src/sys/fs/filecorefs/filecore_vfsops.c cvs rdiff -u -r1.19 -r1.19.4.1 src/sys/fs/hfs/hfs_vfsops.c cvs rdiff -u -r1.68.6.2 -r1.68.6.3 src/sys/fs/msdosfs/msdosfs_vfsops.c cvs rdiff -u -r1.72.6.1 -r1.72.6.2 src/sys/fs/ntfs/ntfs_vfsops.c cvs rdiff -u -r1.37 -r1.37.4.1 src/sys/fs/ptyfs/ptyfs_vfsops.c cvs rdiff -u -r1.81.8.3 -r1.81.8.4 src/sys/fs/puffs/puffs_vfsops.c cvs rdiff -u -r1.85.4.1 -r1.85.4.2 src/sys/fs/smbfs/smbfs_vfsops.c cvs rdiff -u -r1.26 -r1.26.4.1 src/sys/fs/sysvbfs/sysvbfs_vfsops.c cvs rdiff -u -r1.44 -r1.44.4.1 src/sys/fs/tmpfs/tmpfs_vfsops.c cvs rdiff -u -r1.52.2.3 -r1.52.2.4 src/sys/fs/udf/udf_vfsops.c cvs rdiff -u -r1.57.6.2 -r1.57.6.3 src/sys/fs/union/union_vfsops.c cvs rdiff -u -r1.5 -r1.5.6.1 src/sys/fs/unionfs/unionfs_vfsops.c cvs rdiff -u -r1.376.4.7 -r1.376.4.8 src/sys/kern/vfs_syscalls.c cvs rdiff -u -r1.77 -r1.77.6.1 src/sys/miscfs/nullfs/null_vfsops.c cvs rdiff -u -r1.53 -r1.53.6.1 src/sys/miscfs/overlay/overlay_vfsops.c cvs rdiff -u -r1.81 -r1.81.6.1 src/sys/miscfs/procfs/procfs_vfsops.c cvs rdiff -u -r1.80 -r1.80.6.1 src/sys/miscfs/umapfs/umap_vfsops.c cvs rdiff -u -r1.203 -r1.203.4.1 src/sys/nfs/nfs_vfsops.c cvs rdiff -u -r1.137.6.6 -r1.137.6.7 src/sys/ufs/ext2fs/ext2fs_vfsops.c cvs rdiff -u -r1.239.2.4 -r1.239.2.5 src/sys/ufs/ffs/ffs_vfsops.c cvs rdiff -u -r1.267.6.1 -r1.267.6.2 src/sys/ufs/lfs/lfs_vfsops.c cvs rdiff -u -r1.98 -r1.98.6.1 src/sys/ufs/mfs/mfs_vfsops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/coda/coda_vfsops.c diff -u src/sys/coda/coda_vfsops.c:1.66 src/sys/coda/coda_vfsops.c:1.66.8.1 --- src/sys/coda/coda_vfsops.c:1.66 Sat May 10 02:26:09 2008 +++ src/sys/coda/coda_vfsops.c Fri Apr 25 15:43:49 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: coda_vfsops.c,v 1.66 2008/05/10 02:26:09 rumble Exp $ */ +/* $NetBSD: coda_vfsops.c,v 1.66.8.1 2014/04/25 15:43:49 sborrill Exp $ */ /* * @@ -45,7 +45,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: coda_vfsops.c,v 1.66 2008/05/10 02:26:09 rumble Exp $"); +__KERNEL_RCSID(0, "$NetBSD: coda_vfsops.c,v 1.66.8.1 2014/04/25 15:43:49 sborrill Exp $"); #ifdef _LKM #define NVCODA 4 @@ -186,6 +186,8 @@ coda_mount(struct mount *vfsp, /* Alloca CodaFid ctlfid = CTL_FID; int error; + if (data == NULL) + return EINVAL; if (vfsp->mnt_flag & MNT_GETARGS) return EINVAL; ENTRY; Index: src/sys/fs/adosfs/advfsops.c diff -u src/sys/fs/adosfs/advfsops.c:1.53 src/sys/fs/adosfs/advfsops.c:1.53.6.1 --- src/sys/fs/adosfs/advfsops.c:1.53 Sat Jun 28 01:34:05 2008 +++ src/sys/fs/adosfs/advfsops.c Fri Apr 25 15:43:49 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: advfsops.c,v 1.53 2008/06/28 01:34:05 rumble Exp $ */ +/* $NetBSD: advfsops.c,v 1.53.6.1 2014/04/25 15:43:49 sborrill Exp $ */ /* * Copyright (c) 1994 Christian E. Hopps @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: advfsops.c,v 1.53 2008/06/28 01:34:05 rumble Exp $"); +__KERNEL_RCSID(0, "$NetBSD: advfsops.c,v 1.53.6.1 2014/04/25 15:43:49 sborrill Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_netbsd.h" @@ -99,6 +99,8 @@ adosfs_mount(mp, path, data, data_len) int error; mode_t accessmode; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/cd9660/cd9660_vfsops.c diff -u src/sys/fs/cd9660/cd9660_vfsops.c:1.63.6.1 src/sys/fs/cd9660/cd9660_vfsops.c:1.63.6.2 --- src/sys/fs/cd9660/cd9660_vfsops.c:1.63.6.1 Tue Oct 27 21:58:34 2009 +++ src/sys/fs/cd9660/cd9660_vfsops.c Fri Apr 25 15:43:49 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: cd9660_vfsops.c,v 1.63.6.1 2009/10/27 21:58:34 bouyer Exp $ */ +/* $NetBSD: cd9660_vfsops.c,v 1.63.6.2 2014/04/25 15:43:49 sborrill Exp $ */ /*- * Copyright (c) 1994 @@ -37,7 +37,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: cd9660_vfsops.c,v 1.63.6.1 2009/10/27 21:58:34 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: cd9660_vfsops.c,v 1.63.6.2 2014/04/25 15:43:49 sborrill Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_netbsd.h" @@ -225,6 +225,8 @@ cd9660_mount(struct mount *mp, const cha int error; struct iso_mnt *imp = VFSTOISOFS(mp); + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/efs/efs_vfsops.c diff -u src/sys/fs/efs/efs_vfsops.c:1.16.4.1 src/sys/fs/efs/efs_vfsops.c:1.16.4.2 --- src/sys/fs/efs/efs_vfsops.c:1.16.4.1 Tue Jan 6 23:34:46 2009 +++ src/sys/fs/efs/efs_vfsops.c Fri Apr 25 15:43:49 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: efs_vfsops.c,v 1.16.4.1 2009/01/06 23:34:46 snj Exp $ */ +/* $NetBSD: efs_vfsops.c,v 1.16.4.2 2014/04/25 15:43:49 sborrill Exp $ */ /* * Copyright (c) 2006 Stephen M. Rumble <rum...@ephemeral.org> @@ -17,7 +17,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: efs_vfsops.c,v 1.16.4.1 2009/01/06 23:34:46 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: efs_vfsops.c,v 1.16.4.2 2014/04/25 15:43:49 sborrill Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -180,6 +180,8 @@ efs_mount(struct mount *mp, const char * struct vnode *devvp; int err, mode; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/filecorefs/filecore_vfsops.c diff -u src/sys/fs/filecorefs/filecore_vfsops.c:1.55 src/sys/fs/filecorefs/filecore_vfsops.c:1.55.6.1 --- src/sys/fs/filecorefs/filecore_vfsops.c:1.55 Sat Jun 28 01:34:05 2008 +++ src/sys/fs/filecorefs/filecore_vfsops.c Fri Apr 25 15:43:49 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: filecore_vfsops.c,v 1.55 2008/06/28 01:34:05 rumble Exp $ */ +/* $NetBSD: filecore_vfsops.c,v 1.55.6.1 2014/04/25 15:43:49 sborrill Exp $ */ /*- * Copyright (c) 1994 The Regents of the University of California. @@ -66,7 +66,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: filecore_vfsops.c,v 1.55 2008/06/28 01:34:05 rumble Exp $"); +__KERNEL_RCSID(0, "$NetBSD: filecore_vfsops.c,v 1.55.6.1 2014/04/25 15:43:49 sborrill Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_netbsd.h" @@ -250,6 +250,8 @@ filecore_mount(mp, path, data, data_len) int error; struct filecore_mnt *fcmp = NULL; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/hfs/hfs_vfsops.c diff -u src/sys/fs/hfs/hfs_vfsops.c:1.19 src/sys/fs/hfs/hfs_vfsops.c:1.19.4.1 --- src/sys/fs/hfs/hfs_vfsops.c:1.19 Wed Sep 3 22:57:46 2008 +++ src/sys/fs/hfs/hfs_vfsops.c Fri Apr 25 15:43:49 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: hfs_vfsops.c,v 1.19 2008/09/03 22:57:46 gmcgarry Exp $ */ +/* $NetBSD: hfs_vfsops.c,v 1.19.4.1 2014/04/25 15:43:49 sborrill Exp $ */ /*- * Copyright (c) 2005, 2007 The NetBSD Foundation, Inc. @@ -99,7 +99,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: hfs_vfsops.c,v 1.19 2008/09/03 22:57:46 gmcgarry Exp $"); +__KERNEL_RCSID(0, "$NetBSD: hfs_vfsops.c,v 1.19.4.1 2014/04/25 15:43:49 sborrill Exp $"); #ifdef _KERNEL_OPT #include "opt_compat_netbsd.h" @@ -206,6 +206,8 @@ hfs_mount(struct mount *mp, const char * int update; mode_t accessmode; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/msdosfs/msdosfs_vfsops.c diff -u src/sys/fs/msdosfs/msdosfs_vfsops.c:1.68.6.2 src/sys/fs/msdosfs/msdosfs_vfsops.c:1.68.6.3 --- src/sys/fs/msdosfs/msdosfs_vfsops.c:1.68.6.2 Sun Feb 8 19:10:44 2009 +++ src/sys/fs/msdosfs/msdosfs_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: msdosfs_vfsops.c,v 1.68.6.2 2009/02/08 19:10:44 snj Exp $ */ +/* $NetBSD: msdosfs_vfsops.c,v 1.68.6.3 2014/04/25 15:43:50 sborrill Exp $ */ /*- * Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank. @@ -48,7 +48,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.68.6.2 2009/02/08 19:10:44 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.68.6.3 2014/04/25 15:43:50 sborrill Exp $"); #if defined(_KERNEL_OPT) #include "opt_quota.h" @@ -300,6 +300,8 @@ msdosfs_mount(mp, path, data, data_len) int error, flags; mode_t accessmode; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/ntfs/ntfs_vfsops.c diff -u src/sys/fs/ntfs/ntfs_vfsops.c:1.72.6.1 src/sys/fs/ntfs/ntfs_vfsops.c:1.72.6.2 --- src/sys/fs/ntfs/ntfs_vfsops.c:1.72.6.1 Thu Sep 10 07:33:24 2009 +++ src/sys/fs/ntfs/ntfs_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: ntfs_vfsops.c,v 1.72.6.1 2009/09/10 07:33:24 snj Exp $ */ +/* $NetBSD: ntfs_vfsops.c,v 1.72.6.2 2014/04/25 15:43:50 sborrill Exp $ */ /*- * Copyright (c) 1998, 1999 Semen Ustimenko @@ -29,7 +29,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ntfs_vfsops.c,v 1.72.6.1 2009/09/10 07:33:24 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ntfs_vfsops.c,v 1.72.6.2 2014/04/25 15:43:50 sborrill Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -176,6 +176,8 @@ ntfs_mount ( struct vnode *devvp; struct ntfs_args *args = data; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/ptyfs/ptyfs_vfsops.c diff -u src/sys/fs/ptyfs/ptyfs_vfsops.c:1.37 src/sys/fs/ptyfs/ptyfs_vfsops.c:1.37.4.1 --- src/sys/fs/ptyfs/ptyfs_vfsops.c:1.37 Sun Oct 26 23:06:41 2008 +++ src/sys/fs/ptyfs/ptyfs_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: ptyfs_vfsops.c,v 1.37 2008/10/26 23:06:41 joerg Exp $ */ +/* $NetBSD: ptyfs_vfsops.c,v 1.37.4.1 2014/04/25 15:43:50 sborrill Exp $ */ /* * Copyright (c) 1992, 1993, 1995 @@ -38,7 +38,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ptyfs_vfsops.c,v 1.37 2008/10/26 23:06:41 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ptyfs_vfsops.c,v 1.37.4.1 2014/04/25 15:43:50 sborrill Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -186,6 +186,8 @@ ptyfs_mount(struct mount *mp, const char struct ptyfsmount *pmnt; struct ptyfs_args *args = data; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/puffs/puffs_vfsops.c diff -u src/sys/fs/puffs/puffs_vfsops.c:1.81.8.3 src/sys/fs/puffs/puffs_vfsops.c:1.81.8.4 --- src/sys/fs/puffs/puffs_vfsops.c:1.81.8.3 Wed Nov 2 20:11:12 2011 +++ src/sys/fs/puffs/puffs_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: puffs_vfsops.c,v 1.81.8.3 2011/11/02 20:11:12 riz Exp $ */ +/* $NetBSD: puffs_vfsops.c,v 1.81.8.4 2014/04/25 15:43:50 sborrill Exp $ */ /* * Copyright (c) 2005, 2006 Antti Kantee. All Rights Reserved. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: puffs_vfsops.c,v 1.81.8.3 2011/11/02 20:11:12 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: puffs_vfsops.c,v 1.81.8.4 2014/04/25 15:43:50 sborrill Exp $"); #include <sys/param.h> #include <sys/mount.h> @@ -92,6 +92,8 @@ puffs_vfsop_mount(struct mount *mp, cons int error = 0, i; pid_t mntpid = curlwp->l_proc->p_pid; + if (data == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; @@ -106,12 +108,6 @@ puffs_vfsop_mount(struct mount *mp, cons if (mp->mnt_flag & MNT_UPDATE) return EOPNOTSUPP; - /* - * We need the file system name - */ - if (!data) - return EINVAL; - error = fstrans_mount(mp); if (error) return error; Index: src/sys/fs/smbfs/smbfs_vfsops.c diff -u src/sys/fs/smbfs/smbfs_vfsops.c:1.85.4.1 src/sys/fs/smbfs/smbfs_vfsops.c:1.85.4.2 --- src/sys/fs/smbfs/smbfs_vfsops.c:1.85.4.1 Sat Oct 3 23:05:25 2009 +++ src/sys/fs/smbfs/smbfs_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: smbfs_vfsops.c,v 1.85.4.1 2009/10/03 23:05:25 snj Exp $ */ +/* $NetBSD: smbfs_vfsops.c,v 1.85.4.2 2014/04/25 15:43:50 sborrill Exp $ */ /* * Copyright (c) 2000-2001, Boris Popov @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: smbfs_vfsops.c,v 1.85.4.1 2009/10/03 23:05:25 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smbfs_vfsops.c,v 1.85.4.2 2014/04/25 15:43:50 sborrill Exp $"); #ifdef _KERNEL_OPT #include "opt_quota.h" @@ -167,6 +167,8 @@ smbfs_mount(struct mount *mp, const char struct proc *p; int error; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/sysvbfs/sysvbfs_vfsops.c diff -u src/sys/fs/sysvbfs/sysvbfs_vfsops.c:1.26 src/sys/fs/sysvbfs/sysvbfs_vfsops.c:1.26.4.1 --- src/sys/fs/sysvbfs/sysvbfs_vfsops.c:1.26 Thu Sep 4 12:28:14 2008 +++ src/sys/fs/sysvbfs/sysvbfs_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: sysvbfs_vfsops.c,v 1.26 2008/09/04 12:28:14 pooka Exp $ */ +/* $NetBSD: sysvbfs_vfsops.c,v 1.26.4.1 2014/04/25 15:43:50 sborrill Exp $ */ /*- * Copyright (c) 2004 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: sysvbfs_vfsops.c,v 1.26 2008/09/04 12:28:14 pooka Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sysvbfs_vfsops.c,v 1.26.4.1 2014/04/25 15:43:50 sborrill Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -79,6 +79,8 @@ sysvbfs_mount(struct mount *mp, const ch DPRINTF("%s: mnt_flag=%x\n", __func__, mp->mnt_flag); + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/tmpfs/tmpfs_vfsops.c diff -u src/sys/fs/tmpfs/tmpfs_vfsops.c:1.44 src/sys/fs/tmpfs/tmpfs_vfsops.c:1.44.4.1 --- src/sys/fs/tmpfs/tmpfs_vfsops.c:1.44 Tue Jul 29 09:10:09 2008 +++ src/sys/fs/tmpfs/tmpfs_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: tmpfs_vfsops.c,v 1.44 2008/07/29 09:10:09 pooka Exp $ */ +/* $NetBSD: tmpfs_vfsops.c,v 1.44.4.1 2014/04/25 15:43:50 sborrill Exp $ */ /* * Copyright (c) 2005, 2006, 2007 The NetBSD Foundation, Inc. @@ -42,7 +42,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tmpfs_vfsops.c,v 1.44 2008/07/29 09:10:09 pooka Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tmpfs_vfsops.c,v 1.44.4.1 2014/04/25 15:43:50 sborrill Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -89,6 +89,8 @@ tmpfs_mount(struct mount *mp, const char struct tmpfs_node *root; struct tmpfs_args *args = data; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/udf/udf_vfsops.c diff -u src/sys/fs/udf/udf_vfsops.c:1.52.2.3 src/sys/fs/udf/udf_vfsops.c:1.52.2.4 --- src/sys/fs/udf/udf_vfsops.c:1.52.2.3 Thu Jul 9 19:44:34 2009 +++ src/sys/fs/udf/udf_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: udf_vfsops.c,v 1.52.2.3 2009/07/09 19:44:34 snj Exp $ */ +/* $NetBSD: udf_vfsops.c,v 1.52.2.4 2014/04/25 15:43:50 sborrill Exp $ */ /* * Copyright (c) 2006, 2008 Reinoud Zandijk @@ -28,7 +28,7 @@ #include <sys/cdefs.h> #ifndef lint -__KERNEL_RCSID(0, "$NetBSD: udf_vfsops.c,v 1.52.2.3 2009/07/09 19:44:34 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udf_vfsops.c,v 1.52.2.4 2014/04/25 15:43:50 sborrill Exp $"); #endif /* not lint */ @@ -324,6 +324,8 @@ udf_mount(struct mount *mp, const char * DPRINTF(CALL, ("udf_mount called\n")); + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/union/union_vfsops.c diff -u src/sys/fs/union/union_vfsops.c:1.57.6.2 src/sys/fs/union/union_vfsops.c:1.57.6.3 --- src/sys/fs/union/union_vfsops.c:1.57.6.2 Sat Sep 17 18:54:38 2011 +++ src/sys/fs/union/union_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: union_vfsops.c,v 1.57.6.2 2011/09/17 18:54:38 bouyer Exp $ */ +/* $NetBSD: union_vfsops.c,v 1.57.6.3 2014/04/25 15:43:50 sborrill Exp $ */ /* * Copyright (c) 1994 The Regents of the University of California. @@ -77,7 +77,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: union_vfsops.c,v 1.57.6.2 2011/09/17 18:54:38 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: union_vfsops.c,v 1.57.6.3 2014/04/25 15:43:50 sborrill Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -123,6 +123,8 @@ union_mount(struct mount *mp, const char int len; size_t size; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/fs/unionfs/unionfs_vfsops.c diff -u src/sys/fs/unionfs/unionfs_vfsops.c:1.5 src/sys/fs/unionfs/unionfs_vfsops.c:1.5.6.1 --- src/sys/fs/unionfs/unionfs_vfsops.c:1.5 Sat Jun 28 01:34:05 2008 +++ src/sys/fs/unionfs/unionfs_vfsops.c Fri Apr 25 15:43:50 2014 @@ -88,6 +88,8 @@ unionfs_mount(struct mount *mp, const ch const char *cp; char *xp; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/kern/vfs_syscalls.c diff -u src/sys/kern/vfs_syscalls.c:1.376.4.7 src/sys/kern/vfs_syscalls.c:1.376.4.8 --- src/sys/kern/vfs_syscalls.c:1.376.4.7 Sat Sep 17 18:47:46 2011 +++ src/sys/kern/vfs_syscalls.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls.c,v 1.376.4.7 2011/09/17 18:47:46 bouyer Exp $ */ +/* $NetBSD: vfs_syscalls.c,v 1.376.4.8 2014/04/25 15:43:50 sborrill Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -63,7 +63,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.376.4.7 2011/09/17 18:47:46 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.376.4.8 2014/04/25 15:43:50 sborrill Exp $"); #include "opt_compat_netbsd.h" #include "opt_compat_43.h" @@ -519,15 +519,15 @@ do_sys_mount(struct lwp *l, struct vfsop recurse = vn_setrecurse(vp); } + /* + * We allow data to be NULL, even for userspace. Some fs's don't need + * it. The others will handle NULL. + */ if (data != NULL && data_seg == UIO_USERSPACE) { if (data_len == 0) { /* No length supplied, use default for filesystem */ data_len = vfsops->vfs_min_mount_data; - if (data_len > VFS_MAX_MOUNT_DATA) { - /* maybe a force loaded old LKM */ - error = EINVAL; - goto done; - } + #ifdef COMPAT_30 /* Hopefully a longer buffer won't make copyin() fail */ if (flags & MNT_UPDATE @@ -535,6 +535,11 @@ do_sys_mount(struct lwp *l, struct vfsop data_len = sizeof (struct mnt_export_args30); #endif } + if ((data_len == 0) || (data_len > VFS_MAX_MOUNT_DATA)) { + error = EINVAL; + goto done; + } + data_buf = malloc(data_len, M_TEMP, M_WAITOK); /* NFS needs the buffer even for mnt_getargs .... */ Index: src/sys/miscfs/nullfs/null_vfsops.c diff -u src/sys/miscfs/nullfs/null_vfsops.c:1.77 src/sys/miscfs/nullfs/null_vfsops.c:1.77.6.1 --- src/sys/miscfs/nullfs/null_vfsops.c:1.77 Tue Jun 24 11:25:05 2008 +++ src/sys/miscfs/nullfs/null_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: null_vfsops.c,v 1.77 2008/06/24 11:25:05 ad Exp $ */ +/* $NetBSD: null_vfsops.c,v 1.77.6.1 2014/04/25 15:43:50 sborrill Exp $ */ /* * Copyright (c) 1999 National Aeronautics & Space Administration @@ -74,7 +74,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: null_vfsops.c,v 1.77 2008/06/24 11:25:05 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: null_vfsops.c,v 1.77.6.1 2014/04/25 15:43:50 sborrill Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -118,6 +118,8 @@ nullfs_mount(mp, path, data, data_len) printf("nullfs_mount(mp = %p)\n", mp); #endif + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/miscfs/overlay/overlay_vfsops.c diff -u src/sys/miscfs/overlay/overlay_vfsops.c:1.53 src/sys/miscfs/overlay/overlay_vfsops.c:1.53.6.1 --- src/sys/miscfs/overlay/overlay_vfsops.c:1.53 Sat Jun 28 01:34:06 2008 +++ src/sys/miscfs/overlay/overlay_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: overlay_vfsops.c,v 1.53 2008/06/28 01:34:06 rumble Exp $ */ +/* $NetBSD: overlay_vfsops.c,v 1.53.6.1 2014/04/25 15:43:50 sborrill Exp $ */ /* * Copyright (c) 1999, 2000 National Aeronautics & Space Administration @@ -74,7 +74,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: overlay_vfsops.c,v 1.53 2008/06/28 01:34:06 rumble Exp $"); +__KERNEL_RCSID(0, "$NetBSD: overlay_vfsops.c,v 1.53.6.1 2014/04/25 15:43:50 sborrill Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -114,6 +114,8 @@ ov_mount(struct mount *mp, const char *p printf("ov_mount(mp = %p)\n", mp); #endif + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/miscfs/procfs/procfs_vfsops.c diff -u src/sys/miscfs/procfs/procfs_vfsops.c:1.81 src/sys/miscfs/procfs/procfs_vfsops.c:1.81.6.1 --- src/sys/miscfs/procfs/procfs_vfsops.c:1.81 Sat Jun 28 01:34:06 2008 +++ src/sys/miscfs/procfs/procfs_vfsops.c Fri Apr 25 15:43:50 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: procfs_vfsops.c,v 1.81 2008/06/28 01:34:06 rumble Exp $ */ +/* $NetBSD: procfs_vfsops.c,v 1.81.6.1 2014/04/25 15:43:50 sborrill Exp $ */ /* * Copyright (c) 1993 @@ -76,7 +76,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: procfs_vfsops.c,v 1.81 2008/06/28 01:34:06 rumble Exp $"); +__KERNEL_RCSID(0, "$NetBSD: procfs_vfsops.c,v 1.81.6.1 2014/04/25 15:43:50 sborrill Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_netbsd.h" @@ -128,6 +128,9 @@ procfs_mount( struct procfs_args *args = data; int error; + if (args == NULL) + return EINVAL; + if (UIO_MX & (UIO_MX-1)) { log(LOG_ERR, "procfs: invalid directory entry size"); return (EINVAL); Index: src/sys/miscfs/umapfs/umap_vfsops.c diff -u src/sys/miscfs/umapfs/umap_vfsops.c:1.80 src/sys/miscfs/umapfs/umap_vfsops.c:1.80.6.1 --- src/sys/miscfs/umapfs/umap_vfsops.c:1.80 Sat Jun 28 01:34:06 2008 +++ src/sys/miscfs/umapfs/umap_vfsops.c Fri Apr 25 15:43:51 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: umap_vfsops.c,v 1.80 2008/06/28 01:34:06 rumble Exp $ */ +/* $NetBSD: umap_vfsops.c,v 1.80.6.1 2014/04/25 15:43:51 sborrill Exp $ */ /* * Copyright (c) 1992, 1993 @@ -41,7 +41,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: umap_vfsops.c,v 1.80 2008/06/28 01:34:06 rumble Exp $"); +__KERNEL_RCSID(0, "$NetBSD: umap_vfsops.c,v 1.80.6.1 2014/04/25 15:43:51 sborrill Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -84,6 +84,8 @@ umapfs_mount(mp, path, data, data_len) int i; #endif + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/nfs/nfs_vfsops.c diff -u src/sys/nfs/nfs_vfsops.c:1.203 src/sys/nfs/nfs_vfsops.c:1.203.4.1 --- src/sys/nfs/nfs_vfsops.c:1.203 Wed Oct 22 12:29:35 2008 +++ src/sys/nfs/nfs_vfsops.c Fri Apr 25 15:43:51 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: nfs_vfsops.c,v 1.203 2008/10/22 12:29:35 matt Exp $ */ +/* $NetBSD: nfs_vfsops.c,v 1.203.4.1 2014/04/25 15:43:51 sborrill Exp $ */ /* * Copyright (c) 1989, 1993, 1995 @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: nfs_vfsops.c,v 1.203 2008/10/22 12:29:35 matt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nfs_vfsops.c,v 1.203.4.1 2014/04/25 15:43:51 sborrill Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_netbsd.h" @@ -600,6 +600,8 @@ nfs_mount(struct mount *mp, const char * size_t len; u_char *nfh; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/ufs/ext2fs/ext2fs_vfsops.c diff -u src/sys/ufs/ext2fs/ext2fs_vfsops.c:1.137.6.6 src/sys/ufs/ext2fs/ext2fs_vfsops.c:1.137.6.7 --- src/sys/ufs/ext2fs/ext2fs_vfsops.c:1.137.6.6 Sun Jan 16 12:38:28 2011 +++ src/sys/ufs/ext2fs/ext2fs_vfsops.c Fri Apr 25 15:43:51 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: ext2fs_vfsops.c,v 1.137.6.6 2011/01/16 12:38:28 bouyer Exp $ */ +/* $NetBSD: ext2fs_vfsops.c,v 1.137.6.7 2014/04/25 15:43:51 sborrill Exp $ */ /* * Copyright (c) 1989, 1991, 1993, 1994 @@ -65,7 +65,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ext2fs_vfsops.c,v 1.137.6.6 2011/01/16 12:38:28 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ext2fs_vfsops.c,v 1.137.6.7 2014/04/25 15:43:51 sborrill Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_netbsd.h" @@ -322,6 +322,8 @@ ext2fs_mount(struct mount *mp, const cha int error = 0, flags, update; mode_t accessmode; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/ufs/ffs/ffs_vfsops.c diff -u src/sys/ufs/ffs/ffs_vfsops.c:1.239.2.4 src/sys/ufs/ffs/ffs_vfsops.c:1.239.2.5 --- src/sys/ufs/ffs/ffs_vfsops.c:1.239.2.4 Sat Oct 3 22:49:43 2009 +++ src/sys/ufs/ffs/ffs_vfsops.c Fri Apr 25 15:43:51 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: ffs_vfsops.c,v 1.239.2.4 2009/10/03 22:49:43 snj Exp $ */ +/* $NetBSD: ffs_vfsops.c,v 1.239.2.5 2014/04/25 15:43:51 sborrill Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.239.2.4 2009/10/03 22:49:43 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.239.2.5 2014/04/25 15:43:51 sborrill Exp $"); #if defined(_KERNEL_OPT) #include "opt_ffs.h" @@ -318,6 +318,8 @@ ffs_mount(struct mount *mp, const char * int error = 0, flags, update; mode_t accessmode; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/ufs/lfs/lfs_vfsops.c diff -u src/sys/ufs/lfs/lfs_vfsops.c:1.267.6.1 src/sys/ufs/lfs/lfs_vfsops.c:1.267.6.2 --- src/sys/ufs/lfs/lfs_vfsops.c:1.267.6.1 Sat Apr 4 18:11:17 2009 +++ src/sys/ufs/lfs/lfs_vfsops.c Fri Apr 25 15:43:51 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: lfs_vfsops.c,v 1.267.6.1 2009/04/04 18:11:17 snj Exp $ */ +/* $NetBSD: lfs_vfsops.c,v 1.267.6.2 2014/04/25 15:43:51 sborrill Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2007, 2007 @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: lfs_vfsops.c,v 1.267.6.1 2009/04/04 18:11:17 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: lfs_vfsops.c,v 1.267.6.2 2014/04/25 15:43:51 sborrill Exp $"); #if defined(_KERNEL_OPT) #include "opt_lfs.h" @@ -560,6 +560,8 @@ lfs_mount(struct mount *mp, const char * int error = 0, update; mode_t accessmode; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL; Index: src/sys/ufs/mfs/mfs_vfsops.c diff -u src/sys/ufs/mfs/mfs_vfsops.c:1.98 src/sys/ufs/mfs/mfs_vfsops.c:1.98.6.1 --- src/sys/ufs/mfs/mfs_vfsops.c:1.98 Sat Jun 28 01:34:05 2008 +++ src/sys/ufs/mfs/mfs_vfsops.c Fri Apr 25 15:43:51 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: mfs_vfsops.c,v 1.98 2008/06/28 01:34:05 rumble Exp $ */ +/* $NetBSD: mfs_vfsops.c,v 1.98.6.1 2014/04/25 15:43:51 sborrill Exp $ */ /* * Copyright (c) 1989, 1990, 1993, 1994 @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: mfs_vfsops.c,v 1.98 2008/06/28 01:34:05 rumble Exp $"); +__KERNEL_RCSID(0, "$NetBSD: mfs_vfsops.c,v 1.98.6.1 2014/04/25 15:43:51 sborrill Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_netbsd.h" @@ -279,6 +279,8 @@ mfs_mount(struct mount *mp, const char * struct proc *p; int flags, error = 0; + if (args == NULL) + return EINVAL; if (*data_len < sizeof *args) return EINVAL;