Module Name: src
Committed By: pooka
Date: Fri Feb 18 16:10:10 UTC 2011
Modified Files:
src/lib/librmt: rmtlib.c
Log Message:
Improve isrmt() check: it cannot be a rmt fd if there are no pipes
open for the fd. Prevents collision with rumphijack.
Also, prevent potential hyperspace memory access.
Does someone want to write tests for this facility?
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/lib/librmt/rmtlib.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/librmt/rmtlib.c
diff -u src/lib/librmt/rmtlib.c:1.22 src/lib/librmt/rmtlib.c:1.23
--- src/lib/librmt/rmtlib.c:1.22 Tue Aug 31 05:12:35 2010
+++ src/lib/librmt/rmtlib.c Fri Feb 18 16:10:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: rmtlib.c,v 1.22 2010/08/31 05:12:35 enami Exp $ */
+/* $NetBSD: rmtlib.c,v 1.23 2011/02/18 16:10:09 pooka Exp $ */
/*
* rmt --- remote tape emulator subroutines
@@ -28,7 +28,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: rmtlib.c,v 1.22 2010/08/31 05:12:35 enami Exp $");
+__RCSID("$NetBSD: rmtlib.c,v 1.23 2011/02/18 16:10:09 pooka Exp $");
#define RMTIOCTL 1
/* #define USE_REXEC 1 */ /* rexec code courtesy of Dan Kegel, srs!dan */
@@ -670,8 +670,10 @@
int
isrmt(int fd)
{
+ int unbias = fd - REM_BIAS;
- return (fd >= REM_BIAS);
+ return (fd >= REM_BIAS) && unbias < MAXUNIT &&
+ (WRITE(unbias) != -1 || READ(unbias) != -1);
}
