Subject: Re: copyinstr() with a zero-length buffer
To: Chuck Silvers <chuq@chuq.com>
From: Charles M. Hannum <root@ihack.net>
List: tech-kern
Date: 11/02/1999 11:26:57
BTW, here's a simple (but untested) patch...
Index: locore.s
===================================================================
RCS file: /cvsroot/syssrc/sys/arch/sparc/sparc/locore.s,v
retrieving revision 1.125
diff -c -2 -r1.125 locore.s
*** locore.s 1999/10/04 19:23:49 1.125
--- locore.s 1999/11/02 16:23:51
***************
*** 4159,4167 ****
ENTRY(copyinstr)
! %o0 = fromaddr, %o1 = toaddr, %o2 = maxlen, %o3 = &lencopied
! #ifdef DIAGNOSTIC
! tst %o2 ! kernel should never give maxlen <= 0
! ble 1f
! EMPTY
! #endif
set KERNBASE, %o4
cmp %o0, %o4 ! fromaddr < KERNBASE?
--- 4159,4167 ----
ENTRY(copyinstr)
! %o0 = fromaddr, %o1 = toaddr, %o2 = maxlen, %o3 = &lencopied
! mov %o1, %o5 ! save = toaddr;
! tst %o2 ! if (maxlen == 0)
! be Lcsdone ! error = ENAMETOOLONG;
! mov ENAMETOOLONG, %o0 ! goto done;
!
set KERNBASE, %o4
cmp %o0, %o4 ! fromaddr < KERNBASE?
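Review bot: The new `be Lcsdone` has `mov ENAMETOOLONG, %o0` in its delay slot without the annul bit, so on SPARC the move also executes on the fall-through path and overwrites %o0 (fromaddr) right before `cmp %o0, %o4` and the copy loop; it should be `be,a Lcsdone` so the delay slot runs only when the branch is taken. The same pattern appears in the copyoutstr hunk (its `be Lcsdone`) and in the copystr hunk (`be 2f`). Separately, the normal copy path reaches Lcsdone with %o4 already set to the cpcb base (the `sethi %hi(cpcb), %o4 ! (done earlier)` context at Lcsdocopy suggests Lcsdone depends on it); if Lcsdone clears PCB_ONFAULT through %o4, this early exit arrives with %o4 uninitialized and would need to set it or branch past that store — worth confirming against Lcsdone, which lies outside the hunk. The remainder of copyinstr continues outside the hunk.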
***************
*** 4172,4182 ****
mov EFAULT, %o0
- 1:
- sethi %hi(2f), %o0
- call _C_LABEL(panic)
- or %lo(2f), %o0, %o0
- 2: .asciz "copyinstr"
- _ALIGN
-
/*
* copyoutstr(fromaddr, toaddr, maxlength, &lencopied)
--- 4172,4175 ----
***************
*** 4187,4195 ****
ENTRY(copyoutstr)
! %o0 = fromaddr, %o1 = toaddr, %o2 = maxlen, %o3 = &lencopied
! #ifdef DIAGNOSTIC
! tst %o2
! ble 1f
! EMPTY
! #endif
set KERNBASE, %o4
cmp %o1, %o4 ! toaddr < KERNBASE?
--- 4180,4188 ----
ENTRY(copyoutstr)
! %o0 = fromaddr, %o1 = toaddr, %o2 = maxlen, %o3 = &lencopied
! mov %o1, %o5 ! save = toaddr;
! tst %o2 ! if (maxlen == 0)
! be Lcsdone ! error = ENAMETOOLONG;
! mov ENAMETOOLONG, %o0 ! goto done;
!
set KERNBASE, %o4
cmp %o1, %o4 ! toaddr < KERNBASE?
***************
*** 4200,4210 ****
mov EFAULT, %o0
- 1:
- sethi %hi(2f), %o0
- call _C_LABEL(panic)
- or %lo(2f), %o0, %o0
- 2: .asciz "copyoutstr"
- _ALIGN
-
Lcsdocopy:
! sethi %hi(cpcb), %o4 ! (done earlier)
--- 4193,4196 ----
***************
*** 4213,4217 ****
st %o5, [%o4 + PCB_ONFAULT]
- mov %o1, %o5 ! save = toaddr;
! XXX should do this in bigger chunks when possible
0: ! loop:
--- 4199,4202 ----
***************
*** 4251,4260 ****
*/
ENTRY(copystr)
- #ifdef DIAGNOSTIC
- tst %o2 ! if (maxlength <= 0)
- ble 4f ! panic(...);
- EMPTY
- #endif
mov %o1, %o5 ! to0 = to;
0: ! loop:
ldsb [%o0], %o4 ! c = *from;
--- 4236,4244 ----
*/
ENTRY(copystr)
mov %o1, %o5 ! to0 = to;
+ tst %o2 ! if (maxlen <= 0)
+ be 2f ! error = ENAMETOOLONG;
+ mov ENAMETOOLONG, %o0 ! goto done;
+
0: ! loop:
ldsb [%o0], %o4 ! c = *from;
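Review bot: The annotation on the new test reads `! if (maxlen <= 0)` while `tst %o2` / `be` branches only when the length is exactly zero, so the comment should say `! if (maxlen == 0)` (or the test should keep the `ble` form of the DIAGNOSTIC check it replaces, if negative lengths are a concern here). As raised on the copyinstr hunk, the non-annulled `be 2f` also lets `mov ENAMETOOLONG, %o0` clobber %o0 (from) on the fall-through path before `ldsb [%o0], %o4`; `be,a 2f` avoids that. The rest of copystr, including label 2, is outside the hunk.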
***************
*** 4278,4290 ****
retl
nop
- #ifdef DIAGNOSTIC
- 4:
- sethi %hi(5f), %o0
- call _C_LABEL(panic)
- or %lo(5f), %o0, %o0
- 5:
- .asciz "copystr"
- _ALIGN
- #endif
/*
--- 4262,4265 ----