readv/writev with iov_len == 0 is legal (was already ok in uipc_syscalls.c).

Make the check more readable by comparing against SSIZE_MAX instead
of checking for wraparound.  This is safe because SSIZE_MAX * 2 <=
SIZE_T_MAX.  Fixes recno problems in the db routines exposed by a
perl test.

2 files changed, 10 insertions, 8 deletions

diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c
index fcd6ea6a3f9..ee5b7345931 100644
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sys_generic.c,v 1.15 1998/07/28 22:36:42 millert Exp $	*/
+/*	$OpenBSD: sys_generic.c,v 1.16 1999/02/14 19:02:21 millert Exp $	*/
 /*	$NetBSD: sys_generic.c,v 1.24 1996/03/29 00:25:32 cgd Exp $	*/
 
 /*
@@ -182,7 +182,8 @@ sys_readv(p, v, retval)
 	auio.uio_resid = 0;
 	for (i = 0; i < SCARG(uap, iovcnt); i++, iov++) {
 		/* Don't allow sum > SSIZE_MAX */
-		if ((ssize_t)(auio.uio_resid += iov->iov_len) <= 0) {
+		if (iov->iov_len > SSIZE_MAX ||
+		    (auio.uio_resid += iov->iov_len) > SSIZE_MAX) {
 			error = EINVAL;
 			goto done;
 		}
@@ -336,7 +337,8 @@ sys_writev(p, v, retval)
 	auio.uio_resid = 0;
 	for (i = 0; i < SCARG(uap, iovcnt); i++, iov++) {
 		/* Don't allow sum > SSIZE_MAX */
-		if ((ssize_t)(auio.uio_resid += iov->iov_len) <= 0) {
+		if (iov->iov_len > SSIZE_MAX ||
+		    (auio.uio_resid += iov->iov_len) > SSIZE_MAX) {
 			error = EINVAL;
 			goto done;
 		}
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 7aab5433a8b..ee626a84ba1 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uipc_syscalls.c,v 1.14 1999/02/11 05:33:09 deraadt Exp $	*/
+/*	$OpenBSD: uipc_syscalls.c,v 1.15 1999/02/14 19:02:20 millert Exp $	*/
 /*	$NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $	*/
 
 /*
@@ -439,8 +439,8 @@ sendit(p, s, mp, flags, retsize)
 	iov = mp->msg_iov;
 	for (i = 0; i < mp->msg_iovlen; i++, iov++) {
 		/* Don't allow sum > SSIZE_MAX */
-		if ((ssize_t)(auio.uio_resid += iov->iov_len) <= 0 &&
-		    (iov->iov_base != 0 || iov->iov_len != 0))
+		if (iov->iov_len > SSIZE_MAX ||
+		    (auio.uio_resid += iov->iov_len) > SSIZE_MAX)
 			return (EINVAL);
 	}
 	if (mp->msg_name) {
@@ -630,8 +630,8 @@ recvit(p, s, mp, namelenp, retsize)
 	iov = mp->msg_iov;
 	for (i = 0; i < mp->msg_iovlen; i++, iov++) {
 		/* Don't allow sum > SSIZE_MAX */
-		if ((ssize_t)(auio.uio_resid += iov->iov_len) <= 0 &&
-		    (iov->iov_base != 0 || iov->iov_len != 0))
+		if (iov->iov_len > SSIZE_MAX ||
+		    (auio.uio_resid += iov->iov_len) > SSIZE_MAX)
 			return (EINVAL);
 	}
 #ifdef KTRACE