From: Pawel Jakub Dawidek
Date: Wed, 13 Jun 2012 22:12:11 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r237036 - in head/sys: kern netsmb

Author: pjd
Date: Wed Jun 13 22:12:10 2012
New Revision: 237036
URL: http://svn.freebsd.org/changeset/base/237036

Log:
  When checking if file descriptor number is valid, explicitly check for
  'fd' being less than 0 instead of using cast-to-unsigned hack.

  Today's commit was brought to you by the letters 'B', 'D' and 'E' :)

Modified:
  head/sys/kern/kern_descrip.c
  head/sys/kern/uipc_usrreq.c
  head/sys/netsmb/smb_dev.c

Modified: head/sys/kern/kern_descrip.c ============================================================================== --- head/sys/kern/kern_descrip.c Wed Jun 13 21:53:40 2012 (r237035) +++ head/sys/kern/kern_descrip.c Wed Jun 13 22:12:10 2012 (r237036) @@ -243,7 +243,7 @@ fd_last_used(struct filedesc *fdp, int s static int fdisused(struct filedesc *fdp, int fd) { - KASSERT((unsigned int)fd < fdp->fd_nfiles, + KASSERT(fd >= 0 && fd < fdp->fd_nfiles, ("file descriptor %d out of range (0, %d)", fd, fdp->fd_nfiles)); return ((fdp->fd_map[NDSLOT(fd)] & NDBIT(fd)) != 0); } @@ -433,7 +433,7 @@ fdtofp(int fd, struct filedesc *fdp) FILEDESC_LOCK_ASSERT(fdp); - if ((unsigned)fd >= fdp->fd_nfiles) + if (fd < 0 || fd >= fdp->fd_nfiles) return (NULL); return (fdp->fd_ofiles[fd]); 
@@ -677,7 +677,7 @@ kern_fcntl(struct thread *td, int fd, in vfslocked = 0; /* Check for race with close */ FILEDESC_SLOCK(fdp); - if ((unsigned) fd >= fdp->fd_nfiles || + if (fd < 0 || fd >= fdp->fd_nfiles || fp != fdp->fd_ofiles[fd]) { FILEDESC_SUNLOCK(fdp); flp->l_whence = SEEK_SET; @@ -1197,7 +1197,7 @@ kern_close(td, fd) AUDIT_SYSCLOSE(td, fd); FILEDESC_XLOCK(fdp); - if ((unsigned)fd >= fdp->fd_nfiles || + if (fd < 0 || fd >= fdp->fd_nfiles || (fp = fdp->fd_ofiles[fd]) == NULL) { FILEDESC_XUNLOCK(fdp); return (EBADF); @@ -1500,7 +1500,7 @@ fdalloc(struct thread *td, int minfd, in * Perform some sanity checks, then mark the file descriptor as * used and return it to the caller. */ - KASSERT((unsigned int)fd < min(maxfd, fdp->fd_nfiles), + KASSERT(fd >= 0 && fd < min(maxfd, fdp->fd_nfiles), ("invalid descriptor %d", fd)); KASSERT(!fdisused(fdp, fd), ("fd_first_free() returned non-free descriptor")); @@ -2213,7 +2213,7 @@ fget_unlocked(struct filedesc *fdp, int struct file *fp; u_int count; - if ((unsigned int)fd >= fdp->fd_nfiles) + if (fd < 0 || fd >= fdp->fd_nfiles) return (NULL); /* * Fetch the descriptor locklessly. We avoid fdrop() races by @@ -2602,7 +2602,7 @@ dupfdopen(struct thread *td, struct file * closed, then reject. */ FILEDESC_XLOCK(fdp); - if ((unsigned int)dfd >= fdp->fd_nfiles || + if (dfd < 0 || dfd >= fdp->fd_nfiles || (fp = fdp->fd_ofiles[dfd]) == NULL) { FILEDESC_XUNLOCK(fdp); return (EBADF); Modified: head/sys/kern/uipc_usrreq.c ============================================================================== --- head/sys/kern/uipc_usrreq.c Wed Jun 13 21:53:40 2012 (r237035) +++ head/sys/kern/uipc_usrreq.c Wed Jun 13 22:12:10 2012 (r237036) 
@@ -1872,7 +1872,7 @@ unp_internalize(struct mbuf **controlp, FILEDESC_SLOCK(fdescp); for (i = 0; i < oldfds; i++) { fd = *fdp++; - if ((unsigned)fd >= fdescp->fd_nfiles || + if (fd < 0 || fd >= fdescp->fd_nfiles || fdescp->fd_ofiles[fd] == NULL) { FILEDESC_SUNLOCK(fdescp); error = EBADF; Modified: head/sys/netsmb/smb_dev.c ============================================================================== --- head/sys/netsmb/smb_dev.c Wed Jun 13 21:53:40 2012 (r237035) +++ head/sys/netsmb/smb_dev.c Wed Jun 13 22:12:10 2012 (r237036) @@ -375,7 +375,7 @@ nsmb_getfp(struct filedesc* fdp, int fd, struct file* fp; FILEDESC_SLOCK(fdp); - if (((u_int)fd) >= fdp->fd_nfiles || + if (fd < 0 || fd >= fdp->fd_nfiles || (fp = fdp->fd_ofiles[fd]) == NULL || (fp->f_flag & flag) == 0) { FILEDESC_SUNLOCK(fdp);
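
Review bot: the KASSERT message in fdisused() (kern_descrip.c, @@ -243) still prints the range as "(0, %d)", which reads as excluding 0, while the new condition fd >= 0 && fd < fdp->fd_nfiles accepts 0 and rejects fd_nfiles. Since the assertion is being edited anyway, consider "[0, %d)" so the panic string matches the check it reports on.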
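
Review bot: in the fdalloc() KASSERT (kern_descrip.c, @@ -1500) the upper bound is still computed with min(maxfd, fdp->fd_nfiles). If min() here is the u_int helper rather than an int one, fd is converted to unsigned for that comparison regardless, so the implicit conversion the log message calls a hack is still present on this line. The added fd >= 0 keeps the result correct, but an int-typed minimum (imin(), if this tree provides it) would keep the whole expression signed and match the intent of the change.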
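
Review bot: the nsmb_getfp() hunk (smb_dev.c, @@ -375) repeats the same open-coded test, fd < 0 || fd >= fdp->fd_nfiles followed by a direct fdp->fd_ofiles[fd] load, that this patch also edits in kern_close(), dupfdopen() and unp_internalize(). The change had to touch nine sites across three files because each one carries its own copy of the bounds check; a shared inline helper for "is fd a valid index into this table" would leave one place to get the signedness right and would keep code outside kern/ from indexing fd_ofiles on its own.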