Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/opencrypto Don't panic, just truncate, if the iov is too...



details:   https://anonhg.NetBSD.org/src/rev/c7557e233770
branches:  trunk
changeset: 762642:c7557e233770
user:      drochner <drochner%NetBSD.org@localhost>
date:      Thu Feb 24 19:28:03 2011 +0000

description:
Don't panic, just truncate, if the iov is too short in a COPYBACK.
This case can be triggered from userland cryptodev if the buffer
for decompressed data is too small.
(It would look cleaner if the lengths would be passed explicitely
everywhere, but that would thwart the abstraction done by COPYDATA/COPYBACK
which allows to treat mbufs and iovs the same way.)

diffstat:

 sys/opencrypto/criov.c |  20 ++++++++++++++------
 1 files changed, 14 insertions(+), 6 deletions(-)

diffs (48 lines):

diff -r 509f267c410c -r c7557e233770 sys/opencrypto/criov.c
--- a/sys/opencrypto/criov.c    Thu Feb 24 19:00:58 2011 +0000
+++ b/sys/opencrypto/criov.c    Thu Feb 24 19:28:03 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: criov.c,v 1.7 2009/03/14 21:04:26 dsl Exp $ */
+/*     $NetBSD: criov.c,v 1.8 2011/02/24 19:28:03 drochner Exp $ */
 /*      $OpenBSD: criov.c,v 1.11 2002/06/10 19:36:43 espie Exp $       */
 
 /*
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: criov.c,v 1.7 2009/03/14 21:04:26 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: criov.c,v 1.8 2011/02/24 19:28:03 drochner Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -90,8 +90,12 @@
        if (len < 0)
                panic("cuio_copyback: len %d < 0", len);
        while (off > 0) {
-               if (iol == 0)
-                       panic("cuio_copyback: empty in skip");
+               if (iol == 0) {
+#ifdef DEBUG
+                       printf("cuio_copyback: empty in skip\n");
+#endif
+                       return;
+               }
                if (off < iov->iov_len)
                        break;
                off -= iov->iov_len;
@@ -99,8 +103,12 @@
                iov++;
        }
        while (len > 0) {
-               if (iol == 0)
-                       panic("uio_copyback: empty");
+               if (iol == 0) {
+#ifdef DEBUG
+                       printf("uio_copyback: empty\n");
+#endif
+                       return;
+               }
                count = min(iov->iov_len - off, len);
                memcpy((char *)iov->iov_base + off, cp, count);
                len -= count;



Home | Main Index | Thread Index | Old Index