Tim Newsham wrote:
> Recommendation:
> Validate the device number vap->va_rdev in tmpfs_mknod() and return
> an error if it is VNOVAL (-1).
Sounds about right to me.
Index: tmpfs_vnops.c
===================================================================
RCS file: /cvs/src/sys/tmpfs/tmpfs_vnops.c,v
retrieving revision 1.27
diff -u -p -r1.27 tmpfs_vnops.c
--- tmpfs_vnops.c 19 Jun 2016 11:54:33 -0000 1.27
+++ tmpfs_vnops.c 5 Jul 2016 23:20:33 -0000
@@ -343,6 +343,10 @@ tmpfs_mknod(void *v)
vput(dvp);
return EINVAL;
}
+ if ((vt == VBLK || vt == VCHR) && vap->va_rdev == VNOVAL) {
+ vput(dvp);
+ return EINVAL;
+ }
/* tmpfs_alloc_file() will unlock 'dvp'. */
error = tmpfs_alloc_file(dvp, vpp, vap, cnp, NULL);
