From owner-freebsd-bugs@FreeBSD.ORG Fri Aug 9 02:00:00 2013 Return-Path: Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id D666C26D for ; Fri, 9 Aug 2013 02:00:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B4989241B for ; Fri, 9 Aug 2013 02:00:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r79200sn041000 for ; Fri, 9 Aug 2013 02:00:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r79200VQ040999; Fri, 9 Aug 2013 02:00:00 GMT (envelope-from gnats) Resent-Date: Fri, 9 Aug 2013 02:00:00 GMT Resent-Message-Id: <201308090200.r79200VQ040999@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Garrett Cooper Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 984D0216 for ; Fri, 9 Aug 2013 01:56:25 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 85CD523F3 for ; Fri, 9 Aug 2013 01:56:25 +0000 (UTC) Received: from oldred.freebsd.org ([127.0.1.6]) by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r791uPMt059596 for ; Fri, 9 Aug 2013 01:56:25 GMT (envelope-from nobody@oldred.freebsd.org) Received: (from nobody@localhost) by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r791uPX5059585; Fri, 9 Aug 2013 01:56:25 GMT (envelope-from nobody) Message-Id: <201308090156.r791uPX5059585@oldred.freebsd.org> Date: Fri, 9 Aug 2013 01:56:25 GMT From: Garrett Cooper To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: kern/181155: [PATCH] *access*(2) does not handle invalid amodes properly X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Aug 2013 02:00:01 -0000 >Number: 181155 >Category: kern >Synopsis: [PATCH] *access*(2) does not handle invalid amodes properly >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Aug 09 02:00:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Garrett Cooper >Release: 10-CURRENT >Organization: EMC Isilon >Environment: FreeBSD fuji-current.local 10.0-CURRENT FreeBSD 10.0-CURRENT #12 c3d9dc4-dirty: Thu Aug 8 18:48:47 PDT 2013 root@fuji-current.local:/usr/obj/usr/src/sys/FUJI-NOCOMPAT i386 >Description: Invalid access modes aren't properly handled in FreeBSD, so feeding in a valid like -1 won't result in a failed call. >How-To-Repeat: access("/", -1); >Fix: Patch attached with submission follows: >From ceea6405b65a81a336b7c804dbe6c2dd0d84b72c Mon Sep 17 00:00:00 2001 From: Garrett Cooper Date: Thu, 8 Aug 2013 18:26:53 -0700 Subject: [PATCH] Handle invalid modes properly Sponsored-by: EMC Isilon --- sys/kern/vfs_syscalls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index a004ea0..9350821 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -2094,6 +2094,9 @@ kern_accessat(struct thread *td, int fd, char *path, enum uio_seg pathseg, struct nameidata nd; int error; + if (amode & ~(F_OK | R_OK | W_OK | X_OK)) + return (EINVAL); + /* * Create and modify a temporary credential instead of one that * is potentially shared. -- 1.8.3.4 >Release-Note: >Audit-Trail: >Unformatted: