From 9b50a3bc0430b2517b607d70920eb81dd0f861ce Mon Sep 17 00:00:00 2001
From: ache
Date: Thu, 23 Aug 2001 08:54:22 +0000
Subject: adv. lock: copy EOVERFLOW handling code from main variant fix type of 'size' arg
---
 sys/fs/smbfs/smbfs_vnops.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'sys/fs')
diff --git a/sys/fs/smbfs/smbfs_vnops.c b/sys/fs/smbfs/smbfs_vnops.c
index fabc651..672e665 100644
--- a/sys/fs/smbfs/smbfs_vnops.c
+++ b/sys/fs/smbfs/smbfs_vnops.c
@@ -31,6 +31,7 @@
 *
 * $FreeBSD$
 */
+#include
 #include
 #include
 #include
@@ -974,9 +975,12 @@ smbfs_advlock(ap)
 /* int flags = ap->a_flags;*/
 struct proc *p = curproc;
 struct smb_cred scred;
- off_t start, end, size;
+ u_quad_t size;
+ off_t start, end;
 int error, lkop;
+ if (fl->l_len < 0)
+ return EINVAL;
 if (vp->v_type == VDIR) {
 /*
 * SMB protocol have no support for directory locking.
@@ -994,6 +998,9 @@ smbfs_advlock(ap)
 start = fl->l_start;
 break;
 case SEEK_END:
+ /* size always >= 0 */
+ if (fl->l_start > 0 && size > OFF_MAX - fl->l_start)
+ return EOVERFLOW;
 start = fl->l_start + size;
 default:
 return EINVAL;
@@ -1003,7 +1010,12 @@ smbfs_advlock(ap)
 if (fl->l_len == 0)
 end = -1;
 else {
- end = start + fl->l_len - 1;
+ off_t oadd = fl->l_len - 1;
+
+ /* fl->l_len & start are non-negative */
+ if (oadd > OFF_MAX - start)
+ return EOVERFLOW;
+ end = start + oadd;
 if (end < start)
 return EINVAL;
 }
-- cgit v1.1
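Review bot: In the `@@ -994,6 +998,9 @@` hunk the `SEEK_END` case has no `break` between `start = fl->l_start + size;` and `default:`, so control falls through into `return EINVAL;` and the new EOVERFLOW guard protects a path that, as shown, can never succeed. Add `break;` directly after `start = fl->l_start + size;`. The guard also runs only for `fl->l_start > 0`; with a negative `l_start` larger in magnitude than `size` the sum is negative, and whether that is rejected depends on code after the switch, which is outside the hunk. The switch statement itself begins outside the hunk.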
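Review bot: In the `@@ -1003,7 +1010,12 @@` hunk, `OFF_MAX - start` is only safe when `start >= 0`, and the comment asserts that without anything in the patch establishing it. Only `fl->l_len` is checked, by the `fl->l_len < 0` test in the `@@ -974,9 +975,12 @@` hunk. If nothing between the switch and this block rejects a negative `start`, add `if (start < 0) return EINVAL;` before it, because a negative `start` makes the subtraction overflow a signed `off_t`. Once the guard holds, the following `if (end < start)` can no longer fire and should either be dropped or marked with a comment as purely defensive. The function body continues outside the hunk.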