Le 24/01/2013 19:10, Matthew Dempsky a écrit :
> On Thu, Jan 24, 2013 at 9:57 AM, Maxime Villard <rusty...@gmx.fr> wrote:
>
>> > Hum here, if vp->v_type != VLNK, auio is untouched, but before returning
>> > we use auio.uio_resid, which is not initialized. Is it?
>> >
> Nice catch. We should probably move the *retval assignment up just after
> the VOP_READLINK() call, since this can technically result in undefined
> behavior if you try to readlink on a non-symlink file.
>
Yes.
Index: vfs_syscalls.c
===================================================================
RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.189
diff -u -r1.189 vfs_syscalls.c
--- vfs_syscalls.c 10 Sep 2012 11:10:59 -0000 1.189
+++ vfs_syscalls.c 25 Jan 2013 15:30:30 -0000
@@ -1843,9 +1843,9 @@
auio.uio_procp = p;
auio.uio_resid = count;
error = VOP_READLINK(vp, &auio, p->p_ucred);
+ *retval = count - auio.uio_resid;
}
vput(vp);
- *retval = count - auio.uio_resid;
return (error);
}
> I don't think it should leak any information moment though, since the
> EINVAL errno will take precedence instead of *retval when we return to
> userspace.
>
>
