summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbp <bp@FreeBSD.org>2000-01-08 10:45:54 +0000
committerbp <bp@FreeBSD.org>2000-01-08 10:45:54 +0000
commit21379a643b17a4036c71d1ef4fc1dc1b7da3df41 (patch)
tree0f3d81c2c478f4ebb3ad6e9c917faece567bcea3
parentb97e1104028b7c81dde2286250cadce642c9ff6a (diff)
downloadFreeBSD-src-21379a643b17a4036c71d1ef4fc1dc1b7da3df41.zip
FreeBSD-src-21379a643b17a4036c71d1ef4fc1dc1b7da3df41.tar.gz
Treat negative uio_offset value as eof (idea by: bde).
Prevent overflows by casting uio_offset to uoff_t. Return correct error number if directory entry is broken. Reviewed by: bde
-rw-r--r--sys/fs/msdosfs/msdosfs_vnops.c19
-rw-r--r--sys/msdosfs/msdosfs_vnops.c19
2 files changed, 22 insertions, 16 deletions
diff --git a/sys/fs/msdosfs/msdosfs_vnops.c b/sys/fs/msdosfs/msdosfs_vnops.c
index 15e8578..5ce4990 100644
--- a/sys/fs/msdosfs/msdosfs_vnops.c
+++ b/sys/fs/msdosfs/msdosfs_vnops.c
@@ -566,8 +566,8 @@ msdosfs_read(ap)
if (uio->uio_offset < 0)
return (EINVAL);
- if (uio->uio_offset > DOS_FILESIZE_MAX)
- return (EFBIG);
+ if ((uoff_t)uio->uio_offset > DOS_FILESIZE_MAX)
+ return (0);
/*
* If they didn't ask for any data, then we are done.
*/
@@ -590,7 +590,10 @@ msdosfs_read(ap)
if (isadir) {
/* convert cluster # to block # */
error = pcbmap(dep, lbn, &lbn, 0, &blsize);
- if (error)
+ if (error == E2BIG) {
+ error = EINVAL;
+ break;
+ } else if (error)
break;
error = bread(pmp->pm_devvp, lbn, blsize, NOCRED, &bp);
} else {
@@ -676,24 +679,24 @@ msdosfs_write(ap)
}
if (uio->uio_offset < 0)
- return (EINVAL);
+ return (EFBIG);
if (uio->uio_resid == 0)
return (0);
- if (uio->uio_offset + uio->uio_resid > DOS_FILESIZE_MAX)
- return (EFBIG);
-
/*
* If they've exceeded their filesize limit, tell them about it.
*/
if (p &&
- ((uio->uio_offset + uio->uio_resid) >
+ ((uoff_t)uio->uio_offset + uio->uio_resid >
p->p_rlimit[RLIMIT_FSIZE].rlim_cur)) {
psignal(p, SIGXFSZ);
return (EFBIG);
}
+ if ((uoff_t)uio->uio_offset + uio->uio_resid > DOS_FILESIZE_MAX)
+ return (EFBIG);
+
/*
* If the offset we are starting the write at is beyond the end of
* the file, then they've done a seek. Unix filesystems allow
diff --git a/sys/msdosfs/msdosfs_vnops.c b/sys/msdosfs/msdosfs_vnops.c
index 15e8578..5ce4990 100644
--- a/sys/msdosfs/msdosfs_vnops.c
+++ b/sys/msdosfs/msdosfs_vnops.c
@@ -566,8 +566,8 @@ msdosfs_read(ap)
if (uio->uio_offset < 0)
return (EINVAL);
- if (uio->uio_offset > DOS_FILESIZE_MAX)
- return (EFBIG);
+ if ((uoff_t)uio->uio_offset > DOS_FILESIZE_MAX)
+ return (0);
/*
* If they didn't ask for any data, then we are done.
*/
@@ -590,7 +590,10 @@ msdosfs_read(ap)
if (isadir) {
/* convert cluster # to block # */
error = pcbmap(dep, lbn, &lbn, 0, &blsize);
- if (error)
+ if (error == E2BIG) {
+ error = EINVAL;
+ break;
+ } else if (error)
break;
error = bread(pmp->pm_devvp, lbn, blsize, NOCRED, &bp);
} else {
@@ -676,24 +679,24 @@ msdosfs_write(ap)
}
if (uio->uio_offset < 0)
- return (EINVAL);
+ return (EFBIG);
if (uio->uio_resid == 0)
return (0);
- if (uio->uio_offset + uio->uio_resid > DOS_FILESIZE_MAX)
- return (EFBIG);
-
/*
* If they've exceeded their filesize limit, tell them about it.
*/
if (p &&
- ((uio->uio_offset + uio->uio_resid) >
+ ((uoff_t)uio->uio_offset + uio->uio_resid >
p->p_rlimit[RLIMIT_FSIZE].rlim_cur)) {
psignal(p, SIGXFSZ);
return (EFBIG);
}
+ if ((uoff_t)uio->uio_offset + uio->uio_resid > DOS_FILESIZE_MAX)
+ return (EFBIG);
+
/*
* If the offset we are starting the write at is beyond the end of
* the file, then they've done a seek. Unix filesystems allow
OpenPOWER on IntegriCloud