Date: Wed, 8 Jul 2015 13:19:14 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r285269 - head/sys/kern Message-ID: <201507081319.t68DJEYM009891@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Wed Jul 8 13:19:13 2015 New Revision: 285269 URL: https://svnweb.freebsd.org/changeset/base/285269 Log: Handle copyout for the fcntl(F_OGETLK) using oflock structure. Otherwise, kernel overwrites a word past the destination. Submitted by: walter@pelissero.de PR: 196718 MFC after: 1 week Modified: head/sys/kern/kern_descrip.c Modified: head/sys/kern/kern_descrip.c ============================================================================== --- head/sys/kern/kern_descrip.c Wed Jul 8 12:42:44 2015 (r285268) +++ head/sys/kern/kern_descrip.c Wed Jul 8 13:19:13 2015 (r285269) @@ -404,9 +404,10 @@ kern_fcntl_freebsd(struct thread *td, in struct flock fl; struct __oflock ofl; intptr_t arg1; - int error; + int error, newcmd; error = 0; + newcmd = cmd; switch (cmd) { case F_OGETLK: case F_OSETLK: @@ -424,13 +425,13 @@ kern_fcntl_freebsd(struct thread *td, in switch (cmd) { case F_OGETLK: - cmd = F_GETLK; + newcmd = F_GETLK; break; case F_OSETLK: - cmd = F_SETLK; + newcmd = F_SETLK; break; case F_OSETLKW: - cmd = F_SETLKW; + newcmd = F_SETLKW; break; } arg1 = (intptr_t)&fl; @@ -448,7 +449,7 @@ kern_fcntl_freebsd(struct thread *td, in } if (error) return (error); - error = kern_fcntl(td, fd, cmd, arg1); + error = kern_fcntl(td, fd, newcmd, arg1); if (error) return (error); if (cmd == F_OGETLK) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507081319.t68DJEYM009891>