Date: Wed, 11 Sep 2002 04:08:15 -0700
From: Maxime Henrion <mux@freebsd.org>
To: Grahame Bowland <grahame@ucs.uwa.edu.au>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Checking syscall arguments
Message-ID: <20020911110815.GO86074@elvis.mu.org>
In-Reply-To: <200209111859.54919.grahame@ucs.uwa.edu.au>
References: <200209111859.54919.grahame@ucs.uwa.edu.au>

Grahame Bowland wrote:
>
> Hi all,
>
> When implementing a syscall for FreeBSD, how do you ensure that the arguments
> you have been passed are sane? I'm interested in the following syscall:
>   int setattr(char *file, struct stat *st, unsigned bitmap);
>
> As far as I can see from reading similar functions, such as fhstatfs, the
> correct way to do it is:
>
> {
>   struct stat st;
>   error = copyin(SCARG(uap, st), &st, sizeof(struct stat));
>   if (error) { return error; }
> }
>
> Does the above code ensure that I'm safe, and I can 'trust' that there is a
> struct stat 'st' that I can access normally in the code? Obviously I can't
> trust the values contained in it, however can I be assured that I'm not going
> to overrun or anything nasty by doing the above?

Yes. If the copyin() succeeded you can assume that sizeof(struct stat)
bytes have been copied from userland. Obviously, you can't assume
anything about the content of these bytes though.

Maxime