Author: trasz
Date: Fri Nov 20 14:08:12 2015
New Revision: 291098
URL: https://svnweb.freebsd.org/changeset/base/291098

Log:
  The freebsd4_getfsstat() was broken in r281551 to always return 0 on success.
  All versions of getfsstat(3) are supposed to return the number of [o]statfs
  structs in the array that was copied out.
  
  Also fix missing bounds checking and signed comparison of unsigned types.
  
  Submitted by: bde@
  MFC after:    1 month
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/kern/vfs_syscalls.c

Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c        Fri Nov 20 12:32:49 2015        
(r291097)
+++ head/sys/kern/vfs_syscalls.c        Fri Nov 20 14:08:12 2015        
(r291098)
@@ -435,6 +435,8 @@ sys_getfsstat(td, uap)
        size_t count;
        int error;
 
+       if (uap->bufsize < 0 || uap->bufsize > SIZE_MAX)
+               return (EINVAL);
        error = kern_getfsstat(td, &uap->buf, uap->bufsize, &count,
            UIO_USERSPACE, uap->flags);
        if (error == 0)
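Review bot: The `uap->bufsize > SIZE_MAX` half of the added check looks like it can never be true. If bufsize is a signed long (its declaration is outside this hunk), it is converted to an unsigned type of the same width for the comparison, so only the `uap->bufsize < 0` test rejects anything. If the upper bound is meant for ABIs where the argument type is wider than size_t, a comment such as `/* bufsize can be wider than size_t on some ABIs */` would keep a later cleanup from deleting it as a tautology; otherwise the check could be reduced to the sign test. The body of sys_getfsstat continues past the end of the hunk.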
@@ -625,13 +627,18 @@ freebsd4_getfsstat(td, uap)
        size_t count, size;
        int error;
 
+       if (uap->bufsize < 0)
+               return (EINVAL);
        count = uap->bufsize / sizeof(struct ostatfs);
+       if (count > SIZE_MAX / sizeof(struct statfs))
+               return (EINVAL);
        size = count * sizeof(struct statfs);
        error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
            uap->flags);
-       if (size > 0) {
+       td->td_retval[0] = count;
+       if (size != 0) {
                sp = buf;
-               while (count > 0 && error == 0) {
+               while (count != 0 && error == 0) {
                        cvtstatfs(sp, &osb);
                        error = copyout(&osb, uap->buf, sizeof(osb));
                        sp++;
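Review bot: The new `td->td_retval[0] = count;` sits before the conversion loop with no comment explaining why, and unlike the removed code it is no longer guarded by `error == 0`. The loop condition `count != 0` suggests the loop consumes count (the decrement is presumably in the lines between this hunk and the next), so the ordering is load-bearing; a comment such as `/* Save the count before the copyout loop consumes it. */` would protect it from being moved back. Restoring the guard in place, `if (error == 0) td->td_retval[0] = count;`, would also avoid publishing a count whose value after a failed kern_getfsstat() is not defined by anything visible here. Separately, the overflow test on count stops `size` from wrapping but does not cap it, so it is worth confirming that kern_getfsstat() clamps the UIO_SYSSPACE allocation rather than sizing it from the caller's bufsize.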
@@ -640,8 +647,6 @@ freebsd4_getfsstat(td, uap)
                }
                free(buf, M_TEMP);
        }
-       if (error == 0)
-               td->td_retval[0] = count;
        return (error);
 }
 