Module Name: src Committed By: snj Date: Wed Aug 25 04:16:01 UTC 2010
Modified Files: src/sys/coda [netbsd-5-0]: coda.h coda_venus.c coda_vnops.c Log Message: Pull up following revision(s) (requested by christos in ticket #1431): sys/coda/coda.h: revision 1.16 sys/coda/coda_venus.c: revision 1.28 sys/coda/coda_vnops.c: revision 1.76 Correct incomplete size checks for the coda ioctls. From Dan Rosenberg. To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.14.58.1 src/sys/coda/coda.h cvs rdiff -u -r1.25 -r1.25.58.1 src/sys/coda/coda_venus.c cvs rdiff -u -r1.68 -r1.68.26.1 src/sys/coda/coda_vnops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/coda/coda.h
diff -u src/sys/coda/coda.h:1.14 src/sys/coda/coda.h:1.14.58.1
--- src/sys/coda/coda.h:1.14 Sun Mar 4 06:01:11 2007
+++ src/sys/coda/coda.h Wed Aug 25 04:16:00 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: coda.h,v 1.14 2007/03/04 06:01:11 christos Exp $ */
+/* $NetBSD: coda.h,v 1.14.58.1 2010/08/25 04:16:00 snj Exp $ */
 /*
@@ -793,8 +793,8 @@
 #define PIOCPARM_MASK 0x0000ffff
 struct ViceIoctl {
 void *in, *out; /* Data to be transferred in, or out */
- short in_size; /* Size of input buffer <= 2K */
- short out_size; /* Maximum size of output buffer, <= 2K */
+ unsigned short in_size; /* Size of input buffer <= 2K */
+ unsigned short out_size;/* Maximum size of output buffer, <= 2K */
 };
 struct PioctlData {
Index: src/sys/coda/coda_venus.c
diff -u src/sys/coda/coda_venus.c:1.25 src/sys/coda/coda_venus.c:1.25.58.1
--- src/sys/coda/coda_venus.c:1.25 Sun Mar 4 06:01:12 2007
+++ src/sys/coda/coda_venus.c Wed Aug 25 04:16:00 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: coda_venus.c,v 1.25 2007/03/04 06:01:12 christos Exp $ */
+/* $NetBSD: coda_venus.c,v 1.25.58.1 2010/08/25 04:16:00 snj Exp $ */
 /*
 *
@@ -32,7 +32,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: coda_venus.c,v 1.25 2007/03/04 06:01:12 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: coda_venus.c,v 1.25.58.1 2010/08/25 04:16:00 snj Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -308,7 +308,7 @@
 tmp = ((com >> 16) & IOCPARM_MASK) - sizeof (char *) - sizeof (int);
 inp->cmd |= (tmp & IOCPARM_MASK) << 16;
- if (iap->vi.in_size < 0 || iap->vi.in_size > VC_MAXMSGSIZE) {
+ if (iap->vi.in_size > VC_MAXMSGSIZE || iap->vi.out_size > VC_MAXMSGSIZE) {
 CODA_FREE(inp, coda_ioctl_size);
 return (EINVAL);
 }
Index: src/sys/coda/coda_vnops.c
diff -u src/sys/coda/coda_vnops.c:1.68 src/sys/coda/coda_vnops.c:1.68.26.1
--- src/sys/coda/coda_vnops.c:1.68 Wed Jan 30 09:50:19 2008
+++ src/sys/coda/coda_vnops.c Wed Aug 25 04:16:00 2010
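Review bot: In the coda.h hunk at -793, the field comments on `in_size` and `out_size` still promise "<= 2K", while the checks this commit touches bound them by VC_MAXMSGSIZE and VC_MAXDATASIZE. The values of those constants are not visible here, so the comments should name the limit that is actually enforced rather than a literal. Since the struct appears to carry caller-supplied sizes, it is worth recording why the fields are unsigned, for example `/* unsigned: a negative size from the caller must fail the upper-bound check */`. Any other consumer that still tests these fields for `< 0` becomes dead code after this change and should be audited.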
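Review bot: In the coda_venus.c hunk at -308, the new bound still accepts `in_size == VC_MAXMSGSIZE`, yet the error path frees `inp` with `coda_ioctl_size`, and `inp` also carries header fields such as `cmd`. If the input payload is later copied into `inp` behind that header (the copy is outside this hunk), a maximum-sized payload would run past the allocation by the header size. Consider bounding by the space actually left, along the lines of `if (iap->vi.in_size > coda_ioctl_size - sizeof(*inp) || ...)`, or confirm that the buffer is allocated as header plus VC_MAXMSGSIZE. Dropping the `< 0` test is only safe together with the coda.h type change, which deserves a one-line comment at the check. The enclosing function starts and ends outside the hunk.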
@@ -1,4 +1,4 @@
-/* $NetBSD: coda_vnops.c,v 1.68 2008/01/30 09:50:19 ad Exp $ */
+/* $NetBSD: coda_vnops.c,v 1.68.26.1 2010/08/25 04:16:00 snj Exp $ */
 /*
 *
@@ -46,7 +46,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: coda_vnops.c,v 1.68 2008/01/30 09:50:19 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: coda_vnops.c,v 1.68.26.1 2010/08/25 04:16:00 snj Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -541,7 +541,7 @@
 return(EINVAL);
 }
- if (iap->vi.in_size > VC_MAXDATASIZE) {
+ if (iap->vi.in_size > VC_MAXDATASIZE || iap->vi.out_size > VC_MAXDATASIZE) {
 vrele(tvp);
 return(EINVAL);
 }
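Review bot: The check at -541 in coda_vnops.c caps both sizes at VC_MAXDATASIZE, while the matching check in coda_venus.c uses VC_MAXMSGSIZE, so the same ViceIoctl is validated against two different limits depending on the layer. If both paths see the same request, one check is redundant or one is looser than intended. A comment at this site such as `/* payload limit; the coda_venus.c check bounds the whole message */`, or a single shared validation helper, would make the intended contract explicit and stop the two from drifting apart again. The enclosing function starts and ends outside the hunk.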