Date: Sun, 8 Apr 2018 05:15:34 +0000 (UTC) From: Kirk McKusick <mckusick@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r332264 - head/lib/libufs Message-ID: <201804080515.w385FYdC053811@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mckusick Date: Sun Apr 8 05:15:34 2018 New Revision: 332264 URL: https://svnweb.freebsd.org/changeset/base/332264 Log: Defensive programming when reading inodes in getino(). Specifically check for out-of-range inodes, and whether return-value pointers are NULL. Modified: head/lib/libufs/inode.c Modified: head/lib/libufs/inode.c ============================================================================== --- head/lib/libufs/inode.c Sun Apr 8 01:32:56 2018 (r332263) +++ head/lib/libufs/inode.c Sun Apr 8 05:15:34 2018 (r332264) @@ -60,6 +60,10 @@ getino(struct uufsd *disk, void **dino, ino_t inode, i ERROR(disk, NULL); fs = &disk->d_fs; + if (inode >= fs->fs_ipg * fs->fs_ncg) { + ERROR(disk, "inode number out of range"); + return (-1); + } inoblock = disk->d_inoblock; min = disk->d_inomin; max = disk->d_inomax; @@ -81,13 +85,17 @@ getino(struct uufsd *disk, void **dino, ino_t inode, i gotit: switch (disk->d_ufs) { case 1: dp1 = &((struct ufs1_dinode *)inoblock)[inode - min]; - *mode = dp1->di_mode & IFMT; - *dino = dp1; + if (mode != NULL) + *mode = dp1->di_mode & IFMT; + if (dino != NULL) + *dino = dp1; return (0); case 2: dp2 = &((struct ufs2_dinode *)inoblock)[inode - min]; - *mode = dp2->di_mode & IFMT; - *dino = dp2; + if (mode != NULL) + *mode = dp2->di_mode & IFMT; + if (dino != NULL) + *dino = dp2; return (0); default: break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804080515.w385FYdC053811>