From owner-svn-src-head@freebsd.org Sat Jan 27 15:33:53 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8B41BEC76A0; Sat, 27 Jan 2018 15:33:53 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3D0546D025; Sat, 27 Jan 2018 15:33:53 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 37ACE4881; Sat, 27 Jan 2018 15:33:53 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w0RFXqxf057923; Sat, 27 Jan 2018 15:33:52 GMT (envelope-from pfg@FreeBSD.org) Received: (from pfg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w0RFXq0K057921; Sat, 27 Jan 2018 15:33:52 GMT (envelope-from pfg@FreeBSD.org) Message-Id: <201801271533.w0RFXq0K057921@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pfg set sender to pfg@FreeBSD.org using -f From: "Pedro F. Giffuni" Date: Sat, 27 Jan 2018 15:33:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r328479 - in head/sys: fs/ext2fs ufs/ufs X-SVN-Group: head X-SVN-Commit-Author: pfg X-SVN-Commit-Paths: in head/sys: fs/ext2fs ufs/ufs X-SVN-Commit-Revision: 328479 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jan 2018 15:33:53 -0000 Author: pfg Date: Sat Jan 27 15:33:52 2018 New Revision: 328479 URL: https://svnweb.freebsd.org/changeset/base/328479 Log: {ext2|ufs}_readdir: Set limit on valid ncookies values. Sanitize the values that will be assigned to ncookies so that we ensure they are sane and we can handle them. Let ncookies signed as it was before r328346. The valid range is such that unsigned values are not required and we are not able to avoid at least one cast anyways. Hinted by: bde Modified: head/sys/fs/ext2fs/ext2_lookup.c head/sys/ufs/ufs/ufs_vnops.c Modified: head/sys/fs/ext2fs/ext2_lookup.c ============================================================================== --- head/sys/fs/ext2fs/ext2_lookup.c Sat Jan 27 13:46:55 2018 (r328478) +++ head/sys/fs/ext2fs/ext2_lookup.c Sat Jan 27 15:33:52 2018 (r328479) @@ -145,14 +145,18 @@ ext2_readdir(struct vop_readdir_args *ap) off_t offset, startoffset; size_t readcnt, skipcnt; ssize_t startresid; - u_int ncookies; + int ncookies; int DIRBLKSIZ = VTOI(ap->a_vp)->i_e2fs->e2fs_bsize; int error; if (uio->uio_offset < 0) return (EINVAL); ip = VTOI(vp); + if (uio->uio_resid < 0) + uio->uio_resid = 0; if (ap->a_ncookies != NULL) { + if (uio->uio_resid > MAXPHYS) + uio->uio_resid = MAXPHYS; ncookies = uio->uio_resid; if (uio->uio_offset >= ip->i_size) ncookies = 0; Modified: head/sys/ufs/ufs/ufs_vnops.c ============================================================================== --- head/sys/ufs/ufs/ufs_vnops.c Sat Jan 27 13:46:55 2018 (r328478) +++ head/sys/ufs/ufs/ufs_vnops.c Sat Jan 27 15:33:52 2018 (r328479) @@ -2170,7 +2170,7 @@ ufs_readdir(ap) off_t offset, startoffset; size_t readcnt, skipcnt; ssize_t startresid; - u_int ncookies; + int ncookies; int error; if (uio->uio_offset < 0) @@ -2178,7 +2178,11 @@ ufs_readdir(ap) ip = VTOI(vp); if (ip->i_effnlink == 0) return (0); + if (uio->uio_resid < 0) + uio->uio_resid = 0; if (ap->a_ncookies != NULL) { + if (uio->uio_resid > MAXPHYS) + uio->uio_resid = MAXPHYS; ncookies = uio->uio_resid; if (uio->uio_offset >= ip->i_size) ncookies = 0;