diff options
author | dg <dg@FreeBSD.org> | 1994-09-02 10:23:43 +0000 |
---|---|---|
committer | dg <dg@FreeBSD.org> | 1994-09-02 10:23:43 +0000 |
commit | 70a7b53e066a66692fa03c5ba75393c4fda4bd24 (patch) | |
tree | 03834478d06cab332efebe8dddf79fd94ed78f3a /sys | |
parent | 28c9f84238cb7b612ca7daf91875168e7453dbd6 (diff) | |
download | FreeBSD-src-70a7b53e066a66692fa03c5ba75393c4fda4bd24.zip FreeBSD-src-70a7b53e066a66692fa03c5ba75393c4fda4bd24.tar.gz |
Disallow truncating to negative file sizes. Doing so causes ffs_truncate()
and perhaps other fs truncate's to go crazy and panic the machine or worse.
This fixes the truncate bug reported by Michael Class.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/vfs_extattr.c | 6 | ||||
-rw-r--r-- | sys/kern/vfs_syscalls.c | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c index 706c60c..6f4d9b0 100644 --- a/sys/kern/vfs_extattr.c +++ b/sys/kern/vfs_extattr.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 - * $Id: vfs_syscalls.c,v 1.4 1994/08/20 16:03:14 davidg Exp $ + * $Id: vfs_syscalls.c,v 1.5 1994/09/02 04:14:44 davidg Exp $ */ #include <sys/param.h> @@ -1613,6 +1613,8 @@ truncate(p, uap, retval) int error; struct nameidata nd; + if (uap->length < 0) + return(EINVAL); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, p); if (error = namei(&nd)) return (error); @@ -1651,6 +1653,8 @@ ftruncate(p, uap, retval) struct file *fp; int error; + if (uap->length < 0) + return(EINVAL); if (error = getvnode(p->p_fd, uap->fd, &fp)) return (error); if ((fp->f_flag & FWRITE) == 0) diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 706c60c..6f4d9b0 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 - * $Id: vfs_syscalls.c,v 1.4 1994/08/20 16:03:14 davidg Exp $ + * $Id: vfs_syscalls.c,v 1.5 1994/09/02 04:14:44 davidg Exp $ */ #include <sys/param.h> @@ -1613,6 +1613,8 @@ truncate(p, uap, retval) int error; struct nameidata nd; + if (uap->length < 0) + return(EINVAL); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, p); if (error = namei(&nd)) return (error); @@ -1651,6 +1653,8 @@ ftruncate(p, uap, retval) struct file *fp; int error; + if (uap->length < 0) + return(EINVAL); if (error = getvnode(p->p_fd, uap->fd, &fp)) return (error); if ((fp->f_flag & FWRITE) == 0) |