Date: Sun, 26 Jan 1997 13:15:56 +0900 (JST)
From: Michael Hancock <michaelh@cet.co.jp>
To: Bruce Evans <bde@freefall.freebsd.org>
Cc: FreeBSD Hackers <Hackers@FreeBSD.ORG>
Subject: Re: cvs commit: src/sys/kern kern_lockf.c
Message-ID: <Pine.SV4.3.95.970126125611.20304B-100000@parkplace.cet.co.jp>
In-Reply-To: <199612191322.FAA21783@freefall.freebsd.org>
On Thu, 19 Dec 1996, Bruce Evans wrote:

> bde 96/12/19 05:22:31
>
> Modified: sys/kern kern_lockf.c
> Log:
> Fixed arg checking in if_advlock(). Invalid args were accepted in an
> optimized case. Preposterous lengths weren't checked for.
>
> Found by: NIST-PCTS
>
> Revision Changes Path
> 1.7 +14 -11 src/sys/kern/kern_lockf.c

All of the argument checking seems out of place here. The call trace is like this:

fcntl => VOP_ADVLOCK => lf_advlock

or

open => VOP_ADVLOCK => lf_advlock

Garbage input should be stopped at the source and lf_advlock should be completely free from arg checking. The original coder wanted to factor error checking into lf_advlock, but it seems incorrect to allow garbage to come in so far.

A consistent division of arg checking responsibilities would make it easier for people to decide where to do the checks. We would need some comments or preconditions specified in lf_advlock to communicate what was expected so that we would know what to do in fcntl and open.

Any comments?

Regards,

Mike Hancock
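The division of responsibility argued for above (validate once where the request enters the kernel, then hand the lock code a range it can trust), as an added example that is not FreeBSD's kern_lockf.c or fcntl code. The names `check_advlock_args`, `add_checked` and `struct lock_range`, the use of `int64_t` for offsets, and treating a negative `l_len` as invalid are all assumptions of this example; the overflow check is what catches the "preposterous lengths" the commit log mentions.

```c
#include <errno.h>
#include <stdint.h>
#include <unistd.h>     /* SEEK_SET, SEEK_CUR, SEEK_END */

/* Hypothetical absolute range the lock code (lf_advlock) would work on.
 * end == -1 means "to end of file", as an l_len of 0 requests. */
struct lock_range {
    int64_t start;
    int64_t end;
};

/* Signed addition that reports overflow instead of wrapping. */
static int add_checked(int64_t a, int64_t b, int64_t *out)
{
    if ((b > 0 && a > INT64_MAX - b) || (b < 0 && a < INT64_MIN - b))
        return 0;
    *out = a + b;
    return 1;
}

/*
 * Caller-side validation at the fcntl()/open() boundary, so the lock
 * code itself can assume a sane range as a precondition.  Rejects a bad
 * l_whence, a negative start, a negative length (assumed invalid here)
 * and any length whose end offset would overflow.
 * Returns 0 on success or an errno value.
 */
int check_advlock_args(short l_whence, int64_t l_start, int64_t l_len,
                       int64_t cur_offset, int64_t file_size,
                       struct lock_range *out)
{
    int64_t start, end;

    switch (l_whence) {
    case SEEK_SET: start = l_start; break;
    case SEEK_CUR: if (!add_checked(cur_offset, l_start, &start)) return EOVERFLOW; break;
    case SEEK_END: if (!add_checked(file_size, l_start, &start)) return EOVERFLOW; break;
    default:       return EINVAL;
    }
    if (start < 0 || l_len < 0)
        return EINVAL;
    if (l_len == 0) {
        end = -1;                        /* lock to end of file */
    } else if (!add_checked(start, l_len - 1, &end)) {
        return EOVERFLOW;                /* "preposterous" length */
    }
    out->start = start;
    out->end = end;
    return 0;
}
```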