author | bde <bde@FreeBSD.org> | 1996-12-19 13:22:30 +0000 |
---|---|---|
committer | bde <bde@FreeBSD.org> | 1996-12-19 13:22:30 +0000 |
commit | e184930a20dec02ac1479274793835c329f4b63f (patch) | |
tree | 7819fd58e70014e99e79a4fcbb577c4b83a0f629 /sys/kern | |
parent | 606c8b3dc8afcc5da2a67acf50973f480d1b111f (diff) | |
Fixed arg checking in lf_advlock(). Invalid args were accepted in an
optimized case. Preposterous lengths weren't checked for.
Found by: NIST-PCTS
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_lockf.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/sys/kern/kern_lockf.c b/sys/kern/kern_lockf.c
index 98b3240..ffe31b1 100644
--- a/sys/kern/kern_lockf.c
+++ b/sys/kern/kern_lockf.c
@@ -34,7 +34,7 @@
 * SUCH DAMAGE.
 *
 * @(#)ufs_lockf.c 8.3 (Berkeley) 1/6/94
- * $Id: kern_lockf.c,v 1.5 1995/12/14 08:31:26 phk Exp $
+ * $Id: kern_lockf.c,v 1.6 1996/09/03 14:21:52 bde Exp $
 */
 
 #include <sys/param.h>
@@ -93,15 +93,6 @@ lf_advlock(ap, head, size)
 int error;
 
 /*
- * Avoid the common case of unlocking when inode has no locks.
- */
- if (*head == (struct lockf *)0) {
- if (ap->a_op != F_SETLK) {
- fl->l_type = F_UNLCK;
- return (0);
- }
- }
- /*
 * Convert the flock structure into a start and end.
 */
 switch (fl->l_whence) {
@@ -126,8 +117,20 @@ lf_advlock(ap, head, size)
 return (EINVAL);
 if (fl->l_len == 0)
 end = -1;
- else
+ else {
 end = start + fl->l_len - 1;
+ if (end < start)
+ return (EINVAL);
+ }
+ /*
+ * Avoid the common case of unlocking when inode has no locks.
+ */
+ if (*head == (struct lockf *)0) {
+ if (ap->a_op != F_SETLK) {
+ fl->l_type = F_UNLCK;
+ return (0);
+ }
+ }
 /*
 * Create the lockf structure
 */
|
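Review bot: The new length check in the third hunk tests `end < start` only after `end = start + fl->l_len - 1` has been evaluated. If `start` and `end` are signed offsets (they are declared outside the hunk), an overflowing addition is undefined behaviour and a compiler may drop the test. Because `fl` is the flock structure supplied with the lock request, the bound is better checked before the arithmetic, for example `if (fl->l_len < 0 || fl->l_len - 1 > OFF_MAX - start) return (EINVAL);` ahead of the unchanged assignment. That form assumes a negative `start` was already rejected, which the preceding `return (EINVAL);` suggests but the hunk does not show, and that a maximum-offset constant such as `OFF_MAX` exists in this tree. A one-line comment such as `/* rejects negative and overflowing l_len */` would also record why the single comparison is there; lf_advlock's body starts and ends outside the hunk.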