From: Grahame Bowland
Organization: The University of Western Australia
To: freebsd-hackers@freebsd.org
Subject: Checking syscall arguments
Date: Wed, 11 Sep 2002 18:59:54 +0800
Message-Id: <200209111859.54919.grahame@ucs.uwa.edu.au>

Hi all,

When implementing a syscall for FreeBSD, how do you ensure that the arguments
you have been passed are sane?

I'm interested in the following syscall:

    int setattr(char *file, struct stat *st, unsigned bitmap);

As far as I can see from reading similar functions, such as fhstatfs, the
correct way to do it is:

    {
        struct stat st;
        error = copyin(SCARG(uap, st), &st, sizeof(struct stat));
        if (error) {
            return error;
        }
    }

Does the above code ensure that I'm safe, and I can 'trust' that there is a
struct stat 'st' that I can access normally in the code? Obviously I can't
trust the values contained in it, however can I be assured that I'm not going
to overrun or anything nasty by doing the above?

Cheers,
Grahame

-- 
Grahame Bowland                       Email: grahame@ucs.uwa.edu.au
University Communications Services    Phone: +61 8 9380 1175
The University of Western Australia   Fax:   +61 8 9380 1109
CRICOS: 00126G