[src/netbsd-9]: src/sys/compat/netbsd32 Pull up following revision(s), all vi...
details: https://anonhg.NetBSD.org/src/rev/7bf36f519ecc
branches: netbsd-9
changeset: 368770:7bf36f519ecc
user: martin <martin%NetBSD.org@localhost>
date: Wed Aug 03 11:05:51 2022 +0000
description:
Pull up following revision(s), all via patch
(requested by riastradh in ticket #1489):
sys/compat/netbsd32/netbsd32_netbsd.c: revision 1.232
sys/compat/netbsd32/netbsd32_socket.c: revision 1.56
sys/compat/netbsd32/netbsd32_conv.h: revision 1.45
sys/compat/netbsd32/netbsd32_fs.c: revision 1.92
sys/compat/netbsd32/netbsd32.h: revision 1.137
The read/write/send/recv system calls return ssize_t because -1 is
returned on error. Therefore we must restrict the lengths of any
buffers to NETBSD32_SSIZE_MAX with compat32 to avoid garbage return
values.
Fixes ATF lib/libc/sys/t_write:write_err.
diffstat:
sys/compat/netbsd32/netbsd32.h | 7 +++++--
sys/compat/netbsd32/netbsd32_conv.h | 21 ++++++++++++++++++---
sys/compat/netbsd32/netbsd32_fs.c | 10 ++++++----
sys/compat/netbsd32/netbsd32_netbsd.c | 16 ++++++++++++++--
sys/compat/netbsd32/netbsd32_socket.c | 10 ++++++++--
5 files changed, 51 insertions(+), 13 deletions(-)
diffs (210 lines):
diff -r d25078d9e448 -r 7bf36f519ecc sys/compat/netbsd32/netbsd32.h
--- a/sys/compat/netbsd32/netbsd32.h Wed Aug 03 11:01:51 2022 +0000
+++ b/sys/compat/netbsd32/netbsd32.h Wed Aug 03 11:05:51 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32.h,v 1.123.4.2 2022/04/24 16:39:00 martin Exp $ */
+/* $NetBSD: netbsd32.h,v 1.123.4.3 2022/08/03 11:05:51 martin Exp $ */
/*
* Copyright (c) 1998, 2001, 2008, 2015 Matthew R. Green
@@ -57,7 +57,7 @@
#include <nfs/rpcv2.h>
/*
- * first, define the basic types we need.
+ * first define the basic types we need, and any applicable limits.
*/
typedef int32_t netbsd32_long;
@@ -72,6 +72,9 @@
typedef int32_t netbsd32_intptr_t;
typedef uint32_t netbsd32_uintptr_t;
+/* Note: 32-bit sparc defines ssize_t as long but still has same size as int. */
+#define NETBSD32_SSIZE_MAX INT32_MAX
+
/* netbsd32_[u]int64 are machine dependent and defined below */
/*
diff -r d25078d9e448 -r 7bf36f519ecc sys/compat/netbsd32/netbsd32_conv.h
--- a/sys/compat/netbsd32/netbsd32_conv.h Wed Aug 03 11:01:51 2022 +0000
+++ b/sys/compat/netbsd32/netbsd32_conv.h Wed Aug 03 11:05:51 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_conv.h,v 1.38 2019/02/21 03:37:19 mrg Exp $ */
+/* $NetBSD: netbsd32_conv.h,v 1.38.4.1 2022/08/03 11:05:51 martin Exp $ */
/*
* Copyright (c) 1998, 2001 Matthew R. Green
@@ -245,14 +245,16 @@
int len)
{
int i, error=0;
- u_int32_t iov_base;
- u_int32_t iov_len;
+ uint32_t iov_base;
+ uint32_t iov_len, total_iov_len;
+
/*
* We could allocate an iov32p, do a copyin, and translate
* each field and then free it all up, or we could copyin
* each field separately. I'm doing the latter to reduce
* the number of MALLOC()s.
*/
+ total_iov_len = 0;
for (i = 0; i < len; i++, iovp++, iov32p++) {
if ((error = copyin(&iov32p->iov_base, &iov_base, sizeof(iov_base))))
return (error);
@@ -260,6 +262,19 @@
return (error);
iovp->iov_base = (void *)(u_long)iov_base;
iovp->iov_len = (size_t)iov_len;
+
+ /*
+ * System calls return ssize_t because -1 is returned
+ * on error. Therefore we must restrict the length to
+ * SSIZE_MAX (NETBSD32_SSIZE_MAX with compat32) to
+ * avoid garbage return values.
+ */
+ total_iov_len += iov_len;
+ if (iov_len > NETBSD32_SSIZE_MAX ||
+ total_iov_len > NETBSD32_SSIZE_MAX) {
+ return EINVAL;
+ break;
+ }
}
return error;
}
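Review bot: The `break;` that follows `return EINVAL;` inside the new length check is unreachable and should be dropped, leaving only `return EINVAL;` in the braces. The running sum `total_iov_len += iov_len;` is kept in a `uint32_t`, and a wrap cannot go unnoticed only because the previous total already passed the check and the same condition rejects any single `iov_len` above NETBSD32_SSIZE_MAX. A comment such as `/* cannot wrap undetected: previous total <= NETBSD32_SSIZE_MAX, larger iov_len rejected below */` would stop a later edit from separating the two tests. `iovp->iov_base` and `iovp->iov_len` are also stored before the check, so on EINVAL the caller's array holds the rejected entry; callers presumably discard it on error, but they are not visible here. The function starts outside the hunk.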
diff -r d25078d9e448 -r 7bf36f519ecc sys/compat/netbsd32/netbsd32_fs.c
--- a/sys/compat/netbsd32/netbsd32_fs.c Wed Aug 03 11:01:51 2022 +0000
+++ b/sys/compat/netbsd32/netbsd32_fs.c Wed Aug 03 11:05:51 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_fs.c,v 1.82.4.2 2022/04/24 16:39:00 martin Exp $ */
+/* $NetBSD: netbsd32_fs.c,v 1.82.4.3 2022/08/03 11:05:51 martin Exp $ */
/*
* Copyright (c) 1998, 2001 Matthew R. Green
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_fs.c,v 1.82.4.2 2022/04/24 16:39:00 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_fs.c,v 1.82.4.3 2022/08/03 11:05:51 martin Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -176,7 +176,8 @@
* Therefore we must restrict the length to SSIZE_MAX to
* avoid garbage return values.
*/
- if (iov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) {
+ if (iov->iov_len > NETBSD32_SSIZE_MAX ||
+ auio.uio_resid > NETBSD32_SSIZE_MAX) {
error = EINVAL;
goto done;
}
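Review bot: The comment above this check still says the length is restricted to SSIZE_MAX, while the condition now compares against NETBSD32_SSIZE_MAX; the same stale wording sits above the second changed check in this file (the hunk at -280). The netbsd32_conv.h part of this change already uses the wording `SSIZE_MAX (NETBSD32_SSIZE_MAX with compat32)`, and repeating it here would keep the comment in line with the limit actually enforced. The enclosing function begins and ends outside the hunk.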
@@ -280,7 +281,8 @@
* Therefore we must restrict the length to SSIZE_MAX to
* avoid garbage return values.
*/
- if (iov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) {
+ if (iov->iov_len > NETBSD32_SSIZE_MAX ||
+ auio.uio_resid > NETBSD32_SSIZE_MAX) {
error = EINVAL;
goto done;
}
diff -r d25078d9e448 -r 7bf36f519ecc sys/compat/netbsd32/netbsd32_netbsd.c
--- a/sys/compat/netbsd32/netbsd32_netbsd.c Wed Aug 03 11:01:51 2022 +0000
+++ b/sys/compat/netbsd32/netbsd32_netbsd.c Wed Aug 03 11:05:51 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_netbsd.c,v 1.228 2019/06/20 03:31:54 kamil Exp $ */
+/* $NetBSD: netbsd32_netbsd.c,v 1.228.2.1 2022/08/03 11:05:51 martin Exp $ */
/*
* Copyright (c) 1998, 2001, 2008, 2018 Matthew R. Green
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_netbsd.c,v 1.228 2019/06/20 03:31:54 kamil Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_netbsd.c,v 1.228.2.1 2022/08/03 11:05:51 martin Exp $");
/*
* below are all the standard NetBSD system calls, in the 32bit
@@ -184,6 +184,9 @@
} */
struct sys_read_args ua;
+ if (SCARG(uap, nbyte) > NETBSD32_SSIZE_MAX)
+ return EINVAL;
+
NETBSD32TO64_UAP(fd);
NETBSD32TOP_UAP(buf, void *);
NETBSD32TOX_UAP(nbyte, size_t);
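Review bot: The new `nbyte` check carries no comment saying why a 32-bit caller is refused above NETBSD32_SSIZE_MAX, and the same bare check is repeated in the write, pread and pwrite hunks below and in the two `len` checks in netbsd32_socket.c. A one-line comment such as `/* result must fit the caller's 32-bit ssize_t */` at each site, or one small helper shared by all six, would keep the limit from being changed or dropped at a single site. The comparison is only correct if `nbyte` is an unsigned 32-bit type in the netbsd32 argument struct, which is declared outside this hunk; if it were signed, a negative value would pass the test. The function body continues outside the hunk.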
@@ -200,6 +203,9 @@
} */
struct sys_write_args ua;
+ if (SCARG(uap, nbyte) > NETBSD32_SSIZE_MAX)
+ return EINVAL;
+
NETBSD32TO64_UAP(fd);
NETBSD32TOP_UAP(buf, void *);
NETBSD32TOX_UAP(nbyte, size_t);
@@ -1183,6 +1189,9 @@
} */
struct sys_pread_args ua;
+ if (SCARG(uap, nbyte) > NETBSD32_SSIZE_MAX)
+ return EINVAL;
+
NETBSD32TO64_UAP(fd);
NETBSD32TOP_UAP(buf, void);
NETBSD32TOX_UAP(nbyte, size_t);
@@ -1204,6 +1213,9 @@
} */
struct sys_pwrite_args ua;
+ if (SCARG(uap, nbyte) > NETBSD32_SSIZE_MAX)
+ return EINVAL;
+
NETBSD32TO64_UAP(fd);
NETBSD32TOP_UAP(buf, void);
NETBSD32TOX_UAP(nbyte, size_t);
diff -r d25078d9e448 -r 7bf36f519ecc sys/compat/netbsd32/netbsd32_socket.c
--- a/sys/compat/netbsd32/netbsd32_socket.c Wed Aug 03 11:01:51 2022 +0000
+++ b/sys/compat/netbsd32/netbsd32_socket.c Wed Aug 03 11:05:51 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_socket.c,v 1.49 2018/11/14 17:51:37 hannken Exp $ */
+/* $NetBSD: netbsd32_socket.c,v 1.49.4.1 2022/08/03 11:05:51 martin Exp $ */
/*
* Copyright (c) 1998, 2001 Matthew R. Green
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_socket.c,v 1.49 2018/11/14 17:51:37 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_socket.c,v 1.49.4.1 2022/08/03 11:05:51 martin Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -635,6 +635,9 @@
int error;
struct mbuf *from;
+ if (SCARG(uap, len) > NETBSD32_SSIZE_MAX)
+ return EINVAL;
+
msg.msg_name = NULL;
msg.msg_iov = &aiov;
msg.msg_iovlen = 1;
@@ -669,6 +672,9 @@
struct msghdr msg;
struct iovec aiov;
+ if (SCARG(uap, len) > NETBSD32_SSIZE_MAX)
+ return EINVAL;
+
msg.msg_name = SCARG_P32(uap, to); /* XXX kills const */
msg.msg_namelen = SCARG(uap, tolen);
msg.msg_iov = &aiov;