Module Name: src
Committed By: riastradh
Date: Thu Mar 23 19:52:52 UTC 2023
Modified Files:
src/sys/nfs: nfsm_subs.h
Log Message:
nfs: Use unsigned name lengths so we don't trip over negative ones.
- nfsm_strsiz is only used with uint32_t in callers, but let's not
leave it as a rake to step on.
- nfsm_srvnamesiz is abused with signed s. The internal conversion
to unsigned serves to reject both negative and too-large values in
such callers.
XXX Should make all callers use unsigned, rather than flipping back
and forth between signed and unsigned for name lengths.
XXX pullup-8
XXX pullup-9
XXX pullup-10
To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 src/sys/nfs/nfsm_subs.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/nfs/nfsm_subs.h
diff -u src/sys/nfs/nfsm_subs.h:1.56 src/sys/nfs/nfsm_subs.h:1.57
--- src/sys/nfs/nfsm_subs.h:1.56 Thu Mar 23 19:52:33 2023
+++ src/sys/nfs/nfsm_subs.h Thu Mar 23 19:52:52 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: nfsm_subs.h,v 1.56 2023/03/23 19:52:33 riastradh Exp $ */
+/* $NetBSD: nfsm_subs.h,v 1.57 2023/03/23 19:52:52 riastradh Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -366,7 +366,7 @@
#define nfsm_strsiz(s,m) \
{ nfsm_dissect(tl,uint32_t *,NFSX_UNSIGNED); \
- if (((s) = fxdr_unsigned(uint32_t,*tl)) > (m)) { \
+ if ((uint32_t)((s) = fxdr_unsigned(uint32_t,*tl)) > (m)) { \
m_freem(mrep); \
error = EBADRPC; \
goto nfsmout; \
@@ -374,7 +374,8 @@
#define nfsm_srvnamesiz(s) \
{ nfsm_dissect(tl,uint32_t *,NFSX_UNSIGNED); \
- if (((s) = fxdr_unsigned(uint32_t,*tl)) > NFS_MAXNAMLEN) \
+ if ((uint32_t)((s) = fxdr_unsigned(uint32_t,*tl)) > \
+ NFS_MAXNAMLEN) \
error = NFSERR_NAMETOL; \
if (error) \
nfsm_reply(0); \
