diff options
| author | dg <dg@FreeBSD.org> | 1995-08-07 07:58:23 +0000 |
|---|---|---|
| committer | dg <dg@FreeBSD.org> | 1995-08-07 07:58:23 +0000 |
| commit | fad46e4f97a35f12dc96b526b7d14f3ed00e7e26 (patch) | |
| tree | 57e81b8f4f931e9f781013a9db6c6679a7e3f2ec | |
| parent | d9b109975827973dc12bcc88eff6356d6dd941a6 (diff) | |
| download | FreeBSD-src-fad46e4f97a35f12dc96b526b7d14f3ed00e7e26.zip FreeBSD-src-fad46e4f97a35f12dc96b526b7d14f3ed00e7e26.tar.gz | |
Made msgbuf range checking more robust and clean.
| -rw-r--r-- | sys/kern/subr_log.c | 17 | ||||
| -rw-r--r-- | sys/kern/subr_prf.c | 8 | ||||
| -rw-r--r-- | sys/sys/msgbuf.h | 12 |
3 files changed, 13 insertions, 24 deletions
diff --git a/sys/kern/subr_log.c b/sys/kern/subr_log.c index d4e181e..0e4145a 100644 --- a/sys/kern/subr_log.c +++ b/sys/kern/subr_log.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)subr_log.c 8.1 (Berkeley) 6/10/93 - * $Id: subr_log.c,v 1.7 1995/04/29 11:36:47 jkh Exp $ + * $Id: subr_log.c,v 1.8 1995/05/30 08:05:52 rgrimes Exp $ */ /* @@ -73,19 +73,6 @@ logopen(dev, flags, mode, p) return (EBUSY); log_open = 1; logsoftc.sc_pgid = p->p_pid; /* signal process only */ - /* - * Potential race here with putchar() but since putchar should be - * called by autoconf, msg_magic should be initialized by the time - * we get here. - */ - if (mbp->msg_magic != MSG_MAGIC) { - register int i; - - mbp->msg_magic = MSG_MAGIC; - mbp->msg_bufx = mbp->msg_bufr = 0; - for (i=0; i < MSG_BSIZE; i++) - mbp->msg_bufc[i] = 0; - } return (0); } @@ -142,7 +129,7 @@ logread(dev, uio, flag) if (error) break; mbp->msg_bufr += l; - if (mbp->msg_bufr < 0 || mbp->msg_bufr >= MSG_BSIZE) + if (mbp->msg_bufr >= MSG_BSIZE) mbp->msg_bufr = 0; } return (error); diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c index 0c0f886..c817d0f 100644 --- a/sys/kern/subr_prf.c +++ b/sys/kern/subr_prf.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)subr_prf.c 8.3 (Berkeley) 1/21/94 - * $Id: subr_prf.c,v 1.14 1995/06/14 07:55:07 bde Exp $ + * $Id: subr_prf.c,v 1.15 1995/08/06 22:00:17 davidg Exp $ */ #include <sys/param.h> @@ -504,8 +504,10 @@ putchar(c, flags, tp) if ((flags & TOLOG) && c != '\0' && c != '\r' && c != 0177 && msgbufmapped) { mbp = msgbufp; - if (mbp->msg_magic != MSG_MAGIC) { - bzero((caddr_t)mbp, sizeof(*mbp)); + if (mbp->msg_magic != MSG_MAGIC || + mbp->msg_bufx >= MSG_BSIZE || + mbp->msg_bufr >= MSG_BSIZE) { + bzero(mbp, sizeof(struct msgbuf)); mbp->msg_magic = MSG_MAGIC; } mbp->msg_bufc[mbp->msg_bufx++] = c; diff --git a/sys/sys/msgbuf.h b/sys/sys/msgbuf.h index 5d5c56a..d4823ea 100644 --- a/sys/sys/msgbuf.h +++ b/sys/sys/msgbuf.h @@ -31,19 +31,19 @@ * SUCH DAMAGE. * * @(#)msgbuf.h 8.1 (Berkeley) 6/2/93 - * $Id: msgbuf.h,v 1.4 1994/08/21 04:41:54 paul Exp $ + * $Id: msgbuf.h,v 1.5 1995/03/16 18:16:21 bde Exp $ */ #ifndef _SYS_MSGBUF_H_ #define _SYS_MSGBUF_H_ -#define MSG_BSIZE (4096 - 3 * sizeof(long)) +#define MSG_BSIZE (4096 - 3 * sizeof(unsigned int)) struct msgbuf { #define MSG_MAGIC 0x063061 - long msg_magic; - long msg_bufx; /* write pointer */ - long msg_bufr; /* read pointer */ - char msg_bufc[MSG_BSIZE]; /* buffer */ + unsigned int msg_magic; + unsigned int msg_bufx; /* write pointer */ + unsigned int msg_bufr; /* read pointer */ + char msg_bufc[MSG_BSIZE]; /* buffer */ }; #ifdef KERNEL extern int msgbufmapped; |
