Date: Wed, 11 Sep 2002 04:08:15 -0700
From: Maxime Henrion
To: Grahame Bowland
Cc: freebsd-hackers@freebsd.org
Subject: Re: Checking syscall arguments
Message-ID: <20020911110815.GO86074@elvis.mu.org>
In-Reply-To: <200209111859.54919.grahame@ucs.uwa.edu.au>

Grahame Bowland wrote:
>
> Hi all,
>
> When implementing a syscall for FreeBSD, how do you ensure that the arguments
> you have been passed are sane? I'm interested in the following syscall:
> int setattr(char *file, struct stat *st, unsigned bitmap);
>
> As far as I can see from reading similar functions, such as fhstatfs, the
> correct way to do it is:
>
> {
>     struct stat st;
>     error = copyin(SCARG(uap, st), &st, sizeof(struct stat));
>     if (error) { return error; }
> }
>
> Does the above code ensure that I'm safe, and I can 'trust' that there is a
> struct stat 'st' that I can access normally in the code? Obviously I can't
> trust the values contained in it, however can I be assured that I'm not going
> to overrun or anything nasty by doing the above?

Yes. If the copyin() succeeded you can assume that sizeof(struct stat) bytes
have been copied from userland. Obviously, you can't assume anything about
the content of these bytes though.

Maxime
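
Added example, not part of the original thread: a user-space model of the pattern discussed above, showing the copy failing on a bad pointer and the field checks that still have to follow a successful copy. model_copyin(), user_mem, setattr_check() and the SA_* bitmap bits are hypothetical stand-ins; a real syscall would call the kernel's copyin(9).

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Constructed stand-in for the one mapped region of a user address space. */
static unsigned char user_mem[1024];

/* Model of copyin(9): EFAULT unless [uaddr, uaddr + len) lies inside user_mem. */
static int model_copyin(const void *uaddr, void *kaddr, size_t len)
{
    uintptr_t a = (uintptr_t)uaddr, base = (uintptr_t)user_mem;
    if (a < base || len > sizeof(user_mem) || a - base > sizeof(user_mem) - len)
        return EFAULT;
    memcpy(kaddr, uaddr, len);
    return 0;
}

#define SA_MODE 0x1u   /* hypothetical bitmap bits; the thread does not define them */
#define SA_UID  0x2u
#define SA_ALL  (SA_MODE | SA_UID)

/* Validate the bitmap, snapshot the user struct, then vet each selected field. */
static int setattr_check(const void *ust, unsigned bitmap, struct stat *out)
{
    struct stat st;

    if (bitmap == 0 || (bitmap & ~SA_ALL) != 0)
        return EINVAL;                 /* reject unknown or empty selections */
    int error = model_copyin(ust, &st, sizeof(st));
    if (error)
        return error;                  /* bad pointer or range past the mapping */
    /* Only the private copy is read from here on; user memory may change. */
    if ((bitmap & SA_MODE) && (st.st_mode & ~(mode_t)07777) != 0)
        return EINVAL;                 /* file-type bits are not settable */
    if ((bitmap & SA_UID) && st.st_uid == (uid_t)-1)
        return EINVAL;
    *out = st;
    return 0;
}

int main(void)
{
    struct stat in, out;
    memset(&in, 0, sizeof(in));
    in.st_mode = 0644;                 /* constructed sample input */
    memcpy(user_mem, &in, sizeof(in));
    return setattr_check(user_mem, SA_MODE, &out) == 0 ? 0 : 1;
}
```

The char *file argument of the proposed syscall needs the same copy-then-validate treatment, for which the kernel provides copyinstr(9).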