Grahame Bowland wrote:
> 
> Hi all,
> 
> When implementing a syscall for FreeBSD, how do you ensure that the arguments 
> you have been passed are sane? I'm interested in the following syscall:
>   int setattr(char *file, struct stat *st, unsigned bitmap);
> 
> As far as I can see from reading similar functions, such as fhstatfs, the 
> correct way to do it is:
> 
> {
>   struct stat st;
>   error = copyin(SCARG(uap, st), &st, sizeof(struct stat));
>   if (error) { return error; }
> }
> 
> Does the above code ensure that I'm safe, and I can 'trust' that there is a 
> struct stat 'st' that I can access normally in the code? Obviously I can't 
> trust the values contained in it, however can I be assured that I'm not going 
> to overrun or anything nasty by doing the above?

Yes.  If the copyin() succeeded you can assume that sizeof(struct stat)
bytes have been copied from userland.  Obviously, you can't assume
anything about the content of these bytes though.

Maxime
