Module Name:    src
Committed By:   riastradh
Date:           Sat Oct 15 15:22:27 UTC 2022

Modified Files:
        src/sys/kern: subr_kobj.c

Log Message:
kobj(9): Forbid reading negative offsets.

Shouldn't have any functional change, but let's fail with EINVAL
rather than reading arbitrarily distant memory.


To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 src/sys/kern/subr_kobj.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/subr_kobj.c
diff -u src/sys/kern/subr_kobj.c:1.69 src/sys/kern/subr_kobj.c:1.70
--- src/sys/kern/subr_kobj.c:1.69	Sat Aug 21 23:00:32 2021
+++ src/sys/kern/subr_kobj.c	Sat Oct 15 15:22:27 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: subr_kobj.c,v 1.69 2021/08/21 23:00:32 andvar Exp $	*/
+/*	$NetBSD: subr_kobj.c,v 1.70 2022/10/15 15:22:27 riastradh Exp $	*/
 
 /*
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_kobj.c,v 1.69 2021/08/21 23:00:32 andvar Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_kobj.c,v 1.70 2022/10/15 15:22:27 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_modular.h"
@@ -1149,7 +1149,12 @@ kobj_read_mem(kobj_t ko, void **basep, s
 
 	KASSERT(ko->ko_source != NULL);
 
-	if (ko->ko_memsize != -1 && off + size > ko->ko_memsize) {
+	if (off < 0) {
+		kobj_error(ko, "negative offset %lld",
+		    (unsigned long long)off);
+		error = EINVAL;
+		base = NULL;
+	} else if (ko->ko_memsize != -1 && off + size > ko->ko_memsize) {
 		kobj_error(ko, "preloaded object short");
 		error = EINVAL;
 		base = NULL;
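Review bot: The retained `else if` bound check `off + size > ko->ko_memsize` is still computed by addition, so even with `off` now known to be non-negative, a large `size` could wrap the sum and let an out-of-range request through. The parameter types are cut off in the hunk header, so this is inferred rather than visible. Comparing by subtraction avoids the wrap, e.g. `size > ko->ko_memsize || off > ko->ko_memsize - size`, with casts adjusted to the declared types. In the new error path the `%lld` specifier is paired with an `(unsigned long long)` cast, and `(long long)off` would match the specifier. A short comment saying why no upper bound is applied when `ko_memsize == -1` would also help the next reader; the body of kobj_read_mem starts and ends outside the hunk.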
