Source-Changes-HG archive
[src/trunk]: src/sys/compat Bounds check syscall arguments where appropriate
details: https://anonhg.NetBSD.org/src/rev/55fd27aee18a
branches: trunk
changeset: 570765:55fd27aee18a
user: david <david%NetBSD.org@localhost>
date: Wed Oct 27 19:29:56 2004 +0000
description:
Bounds check syscall arguments where appropriate
diffstat:
sys/compat/common/vm_43.c | 5 ++-
sys/compat/darwin/darwin_mman.c | 6 +++-
sys/compat/darwin/darwin_route.c | 11 +++++---
sys/compat/darwin/darwin_socket.c | 46 ++++++++++++++++++++++++--------------
sys/compat/darwin/darwin_socket.h | 6 ++--
sys/compat/hpux/hpux_compat.c | 12 ++++++++-
sys/compat/hpux/hpux_file.c | 7 +++--
sys/compat/hpux/hpux_tty.c | 11 +++++---
sys/compat/ibcs2/ibcs2_misc.c | 9 ++++---
sys/compat/irix/irix_prctl.c | 8 +++---
10 files changed, 76 insertions(+), 45 deletions(-)
diffs (truncated from 477 to 300 lines):
diff -r f6d764fcdc85 -r 55fd27aee18a sys/compat/common/vm_43.c
--- a/sys/compat/common/vm_43.c Wed Oct 27 19:17:13 2004 +0000
+++ b/sys/compat/common/vm_43.c Wed Oct 27 19:29:56 2004 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: vm_43.c,v 1.9 2003/08/07 16:30:37 agc Exp $ */
+/* $NetBSD: vm_43.c,v 1.10 2004/10/27 19:29:57 david Exp $ */
/*
* Copyright (c) 1991, 1993
@@ -82,7 +82,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vm_43.c,v 1.9 2003/08/07 16:30:37 agc Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vm_43.c,v 1.10 2004/10/27 19:29:57 david Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -146,6 +146,7 @@
SCARG(&nargs, addr) = SCARG(uap, addr);
SCARG(&nargs, len) = SCARG(uap, len);
+ /* Note: index using prot is sign-safe due to mask */
SCARG(&nargs, prot) = cvtbsdprot[SCARG(uap, prot)&0x7];
SCARG(&nargs, flags) = 0;
if (SCARG(uap, flags) & OMAP_ANON)
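Review bot: The added comment on the `cvtbsdprot[SCARG(uap, prot)&0x7]` line explains only the sign half of the argument. The mask also limits the index to 0..7, which is safe only if `cvtbsdprot` has at least eight entries, and that definition is outside the hunk. A fuller comment would be `/* prot & 0x7 is always 0..7, so the index stays inside the 8-entry cvtbsdprot[] whatever the sign of prot */`, once the table size is confirmed.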
diff -r f6d764fcdc85 -r 55fd27aee18a sys/compat/darwin/darwin_mman.c
--- a/sys/compat/darwin/darwin_mman.c Wed Oct 27 19:17:13 2004 +0000
+++ b/sys/compat/darwin/darwin_mman.c Wed Oct 27 19:29:56 2004 +0000
@@ -1,6 +1,6 @@
#undef DEBUG_DARWIN
#undef DEBUG_MACH
-/* $NetBSD: darwin_mman.c,v 1.13 2004/07/28 22:24:06 manu Exp $ */
+/* $NetBSD: darwin_mman.c,v 1.14 2004/10/27 19:29:57 david Exp $ */
/*-
* Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: darwin_mman.c,v 1.13 2004/07/28 22:24:06 manu Exp $");
+__KERNEL_RCSID(0, "$NetBSD: darwin_mman.c,v 1.14 2004/10/27 19:29:57 david Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -139,6 +139,8 @@
vref(vp);
/* XXX maximum count ? */
+ if (SCARG(uap, count) < 0)
+ return EINVAL;
maplen = sizeof(*mapp) * SCARG(uap, count);
if (maplen > PAGE_SIZE) {
error = ENOMEM;
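Review bot: The new negative-count check leaves the multiplication on the next line unbounded above. `sizeof(*mapp) * SCARG(uap, count)` can wrap for a large positive count where size_t is 32 bits, and a wrapped `maplen` may then pass the `maplen > PAGE_SIZE` test. Bounding the count before multiplying closes this, e.g. `if (SCARG(uap, count) < 0 || SCARG(uap, count) > PAGE_SIZE / sizeof(*mapp))`. Separately, the added `return EINVAL;` comes after `vref(vp)`, while the following check sets `error` rather than returning, which suggests a shared cleanup path that the early return skips; if so, set `error = EINVAL` and leave through that path so the vnode reference is released. The enclosing function starts and ends outside the hunk, so the cleanup path is not visible here.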
diff -r f6d764fcdc85 -r 55fd27aee18a sys/compat/darwin/darwin_route.c
--- a/sys/compat/darwin/darwin_route.c Wed Oct 27 19:17:13 2004 +0000
+++ b/sys/compat/darwin/darwin_route.c Wed Oct 27 19:29:56 2004 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: darwin_route.c,v 1.6 2004/07/24 01:00:29 manu Exp $ */
+/* $NetBSD: darwin_route.c,v 1.7 2004/10/27 19:29:57 david Exp $ */
/*-
* Copyright (c) 2004 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: darwin_route.c,v 1.6 2004/07/24 01:00:29 manu Exp $");
+__KERNEL_RCSID(0, "$NetBSD: darwin_route.c,v 1.7 2004/10/27 19:29:57 david Exp $");
#include <sys/errno.h>
#include <sys/systm.h>
@@ -89,7 +89,9 @@
#endif
continue;
}
- native_to_darwin_sockaddr((struct sockaddr *)laddr, &dladdr);
+ if (native_to_darwin_sockaddr((struct sockaddr *)laddr,
+ &dladdr) == EINVAL)
+ return EINVAL;
dim.dim_len = sizeof(dim) + ALIGN(dladdr.ss_len);
dim.dim_vers = DARWIN_RTM_VERSION;
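Review bot: Both new checks in this file (here and in the hunk at -268,7) test `== EINVAL` instead of `!= 0`, so any other nonzero error from the helper would be ignored and `dladdr.ss_len` / `ss.ss_len` read from a buffer that was never filled. As changed in darwin_socket.c in this same commit, native_to_darwin_sockaddr returns 0 even on its oversize path, so these checks cannot currently fire. Testing for nonzero and propagating the value matches the callers in darwin_socket.c: `if ((error = native_to_darwin_sockaddr((struct sockaddr *)laddr, &dladdr)) != 0) return error;`, assuming an `error` local is in scope here. This return sits inside a loop body whose start is outside the hunk, so it is worth confirming that nothing allocated earlier is left behind.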
@@ -268,7 +270,8 @@
size_t len;
int error;
- native_to_darwin_sockaddr(sap, &ss);
+ if (native_to_darwin_sockaddr(sap, &ss) == EINVAL)
+ return EINVAL;
len = ss.ss_len;
*sizep += ALIGN(len);
diff -r f6d764fcdc85 -r 55fd27aee18a sys/compat/darwin/darwin_socket.c
--- a/sys/compat/darwin/darwin_socket.c Wed Oct 27 19:17:13 2004 +0000
+++ b/sys/compat/darwin/darwin_socket.c Wed Oct 27 19:29:56 2004 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: darwin_socket.c,v 1.5 2004/07/28 22:24:06 manu Exp $ */
+/* $NetBSD: darwin_socket.c,v 1.6 2004/10/27 19:29:57 david Exp $ */
/*-
* Copyright (c) 2004 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: darwin_socket.c,v 1.5 2004/07/28 22:24:06 manu Exp $");
+__KERNEL_RCSID(0, "$NetBSD: darwin_socket.c,v 1.6 2004/10/27 19:29:57 david Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -140,7 +140,7 @@
0,
};
-void
+int
native_to_darwin_sockaddr(nsa, dsa)
struct sockaddr *nsa;
struct sockaddr_storage *dsa;
@@ -149,16 +149,17 @@
if ((len = nsa->sa_len) > _SS_MAXSIZE) {
printf("native_to_darwin_sockaddr: sa_len too big");
- return;
+ return 0;
}
memcpy(dsa, nsa, len);
+ /* Array dereference is safe. sa_family is type unsigned */
dsa->ss_family = native_to_darwin_af[nsa->sa_family];
- return;
+ return 0;
}
-void
+int
darwin_to_native_sockaddr(dsa, nsa)
struct sockaddr *dsa;
struct sockaddr_storage *nsa;
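Review bot: The oversize path of native_to_darwin_sockaddr now ends in `return 0;` after printing "sa_len too big", so callers are told the conversion succeeded although `dsa` was never written. darwin_to_native_sockaddr returns EINVAL for the same condition, and every caller check added in this commit depends on a nonzero return. That line should be `return EINVAL;`. The printf strings also lack a trailing `\n`, which makes the console message run into the next one.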
@@ -167,7 +168,7 @@
if ((len = dsa->sa_len) > _SS_MAXSIZE) {
printf("darwin_to_native_sockaddr: sa_len too big");
- return;
+ return EINVAL;
}
if (len == 0) {
@@ -186,22 +187,23 @@
if (len > _SS_MAXSIZE) {
printf("darwin_to_native_sockaddr: "
"sa_len too big");
- return;
+ return EINVAL;
}
break;
}
default:
printf("darwin_to_native_sockaddr: sa_len not set");
- return;
+ return EINVAL;
break;
}
}
memcpy(nsa, dsa, len);
+ /* Array dereference is safe. sa_family is type unsigned */
nsa->ss_family = darwin_to_native_af[dsa->sa_family];
- return;
+ return 0;
}
int
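Review bot: The comment "Array dereference is safe. sa_family is type unsigned" justifies only the lower bound of `darwin_to_native_af[dsa->sa_family]`. An unsigned index cannot be negative, but it is in range only if the table has an entry for every value `sa_family` can hold, and the header declares it as `unsigned char darwin_to_native_af[]` with no size. Here `dsa` is filled by `copyin` from the caller's address in the later hunks, so the family value is caller-controlled. Either state the table size in the comment, e.g. `/* sa_family is an unsigned 8-bit value and the table has 256 entries */` once confirmed, or reject families beyond the last table entry with EINVAL. The same comment was added to native_to_darwin_sockaddr, and the `break;` after `return EINVAL;` in the default case is unreachable.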
@@ -217,6 +219,9 @@
} */ *uap = v;
struct sys_socket_args cup;
+ if (SCARG(uap, domain) < 0)
+ return (EPROTONOSUPPORT);
+
SCARG(&cup, domain) = darwin_to_native_af[SCARG(uap, domain)];
SCARG(&cup, type) = SCARG(uap, type);
SCARG(&cup, protocol) = SCARG(uap, protocol);
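Review bot: The added check rejects only a negative `domain`, so a large positive value still reaches `darwin_to_native_af[SCARG(uap, domain)]` and reads past the end of the table. The argument comes straight from the syscall and nothing in the hunk limits it from above. The guard needs an upper bound as well, e.g. `if (SCARG(uap, domain) < 0 || SCARG(uap, domain) >= (int)sizeof(darwin_to_native_af))`, which works if the `unsigned char` table is defined in this file, as the array ending just above native_to_darwin_sockaddr suggests. The function starts outside the hunk, so the declared type of `domain` should be confirmed.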
@@ -265,7 +270,8 @@
if ((error = copyin(nssp, &nss, sizeof(nss))) != 0)
return error;
- native_to_darwin_sockaddr((struct sockaddr *)&nss, &dss);
+ if ((error = native_to_darwin_sockaddr((struct sockaddr *)&nss, &dss)) != 0)
+ return error;
if ((error = copyin(SCARG(uap, fromlenaddr), &len, sizeof(len))) != 0)
return error;
@@ -316,7 +322,8 @@
if ((error = copyin(nssp, &nss, sizeof(nss))) != 0)
return error;
- native_to_darwin_sockaddr((struct sockaddr *)&nss, &dss);
+ if ((error = native_to_darwin_sockaddr((struct sockaddr *)&nss, &dss)) != 0)
+ return error;
if ((error = copyin(SCARG(uap, anamelen), &len, sizeof(len))) != 0)
return error;
@@ -367,7 +374,8 @@
if ((error = copyin(nssp, &nss, sizeof(nss))) != 0)
return error;
- native_to_darwin_sockaddr((struct sockaddr *)&nss, &dss);
+ if ((error = native_to_darwin_sockaddr((struct sockaddr *)&nss, &dss)) != 0)
+ return error;
if ((error = copyin(SCARG(uap, alen), &len, sizeof(len))) != 0)
return error;
@@ -418,7 +426,8 @@
if ((error = copyin(nssp, &nss, sizeof(nss))) != 0)
return error;
- native_to_darwin_sockaddr((struct sockaddr *)&nss, &dss);
+ if ((error = native_to_darwin_sockaddr((struct sockaddr *)&nss, &dss)) != 0)
+ return error;
if ((error = copyin(SCARG(uap, alen), &len, sizeof(len))) != 0)
return error;
@@ -462,7 +471,8 @@
if ((error = copyin(SCARG(uap, name), &dss, sizeof(dss))) != 0)
return error;
- darwin_to_native_sockaddr((struct sockaddr *)&dss, &nss);
+ if ((error = darwin_to_native_sockaddr((struct sockaddr *)&dss, &nss)) != 0)
+ return error;
len = SCARG(uap, namelen);
if (nss.ss_len < len)
@@ -503,7 +513,8 @@
if ((error = copyin(SCARG(uap, name), &dss, sizeof(dss))) != 0)
return error;
- darwin_to_native_sockaddr((struct sockaddr *)&dss, &nss);
+ if ((error = darwin_to_native_sockaddr((struct sockaddr *)&dss, &nss)) != 0)
+ return error;
len = SCARG(uap, namelen);
if (nss.ss_len < len)
@@ -547,7 +558,8 @@
if ((error = copyin(SCARG(uap, to), &dss, sizeof(dss))) != 0)
return error;
- darwin_to_native_sockaddr((struct sockaddr *)&dss, &nss);
+ if ((error = darwin_to_native_sockaddr((struct sockaddr *)&dss, &nss)) != 0)
+ return error;
len = SCARG(uap, tolen);
if (nss.ss_len < len)
diff -r f6d764fcdc85 -r 55fd27aee18a sys/compat/darwin/darwin_socket.h
--- a/sys/compat/darwin/darwin_socket.h Wed Oct 27 19:17:13 2004 +0000
+++ b/sys/compat/darwin/darwin_socket.h Wed Oct 27 19:29:56 2004 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: darwin_socket.h,v 1.3 2004/07/21 23:43:25 manu Exp $ */
+/* $NetBSD: darwin_socket.h,v 1.4 2004/10/27 19:29:57 david Exp $ */
/*-
* Copyright (c) 2004 The NetBSD Foundation, Inc.
@@ -80,7 +80,7 @@
extern unsigned char native_to_darwin_af[];
extern unsigned char darwin_to_native_af[];
-void native_to_darwin_sockaddr(struct sockaddr *, struct sockaddr_storage *);
-void darwin_to_native_sockaddr(struct sockaddr *, struct sockaddr_storage *);
+int native_to_darwin_sockaddr(struct sockaddr *, struct sockaddr_storage *);
+int darwin_to_native_sockaddr(struct sockaddr *, struct sockaddr_storage *);
#endif /* _DARWIN_SOCKET_H */
diff -r f6d764fcdc85 -r 55fd27aee18a sys/compat/hpux/hpux_compat.c
--- a/sys/compat/hpux/hpux_compat.c Wed Oct 27 19:17:13 2004 +0000
+++ b/sys/compat/hpux/hpux_compat.c Wed Oct 27 19:29:56 2004 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: hpux_compat.c,v 1.69 2004/06/01 11:05:40 pk Exp $ */
+/* $NetBSD: hpux_compat.c,v 1.70 2004/10/27 19:29:57 david Exp $ */
/*
* Copyright (c) 1990, 1993
@@ -82,7 +82,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hpux_compat.c,v 1.69 2004/06/01 11:05:40 pk Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hpux_compat.c,v 1.70 2004/10/27 19:29:57 david Exp $");
#if defined(_KERNEL_OPT)
#include "opt_sysv.h"
@@ -324,6 +324,7 @@
error = sys_read(l, (struct sys_read_args *) uap, retval);
if (error == EWOULDBLOCK) {
+ /* sys_read validates fd before this indexing */