Author: mckusick Date: Sun Apr 8 05:15:34 2018 New Revision: 332264 URL: https://svnweb.freebsd.org/changeset/base/332264
Log: Defensive programming when reading inodes in getino(). Specifically check for out-of-range inodes, and whether return-value pointers are NULL. Modified: head/lib/libufs/inode.c Modified: head/lib/libufs/inode.c ============================================================================== --- head/lib/libufs/inode.c Sun Apr 8 01:32:56 2018 (r332263) +++ head/lib/libufs/inode.c Sun Apr 8 05:15:34 2018 (r332264) @@ -60,6 +60,10 @@ getino(struct uufsd *disk, void **dino, ino_t inode, i ERROR(disk, NULL); fs = &disk->d_fs; + if (inode >= fs->fs_ipg * fs->fs_ncg) { + ERROR(disk, "inode number out of range"); + return (-1); + } inoblock = disk->d_inoblock; min = disk->d_inomin; max = disk->d_inomax; @@ -81,13 +85,17 @@ getino(struct uufsd *disk, void **dino, ino_t inode, i gotit: switch (disk->d_ufs) { case 1: dp1 = &((struct ufs1_dinode *)inoblock)[inode - min]; - *mode = dp1->di_mode & IFMT; - *dino = dp1; + if (mode != NULL) + *mode = dp1->di_mode & IFMT; + if (dino != NULL) + *dino = dp1; return (0); case 2: dp2 = &((struct ufs2_dinode *)inoblock)[inode - min]; - *mode = dp2->di_mode & IFMT; - *dino = dp2; + if (mode != NULL) + *mode = dp2->di_mode & IFMT; + if (dino != NULL) + *dino = dp2; return (0); default: break; _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"