Date: Mon, 21 Apr 2014 08:20:22 +0200 From: Maxime Villard <m...@m00nbsd.net>
Le 21/04/2014 01:46, Taylor R Campbell a écrit : > In most cases of the changes you made, there is already a test for the > length of the data buffer. Is this not guaranteed to be zero if data > is null? It seems to me that the length test ought to suffice, and if > anything the null pointer test should be an assertion, not a check. Not at all. 'data' and 'data_len' come from userpace. A user can set data to NULL and data_len to a value high enough to bypass the data_len check. If a user passes in null data and nonzero data_len, why doesn't mount(2) just return EINVAL? Giving file systems the responsibility for basic sanity checks on syscall arguments strikes me as error-prone.