summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2005-04-21 23:29:05 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2005-04-21 23:29:05 +0000
commit1b4aea96a7e3631bc61ad0d2ce06bde6bb77b955 (patch)
tree8e358500052f0c128037f5a3dc73836af0422ebd
parentf1edfddc3c03c1ed513c9350894fdcae38afa334 (diff)
careful strlcpy and snprintf return handling; ok pedro beck
-rw-r--r--sys/miscfs/procfs/procfs_linux.c7
-rw-r--r--sys/miscfs/procfs/procfs_vnops.c14
-rw-r--r--sys/nfs/nfs_vnops.c4
3 files changed, 18 insertions, 7 deletions
diff --git a/sys/miscfs/procfs/procfs_linux.c b/sys/miscfs/procfs/procfs_linux.c
index 356a173d8aa..d3caeb8ae83 100644
--- a/sys/miscfs/procfs/procfs_linux.c
+++ b/sys/miscfs/procfs/procfs_linux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: procfs_linux.c,v 1.5 2004/05/05 23:52:10 tedu Exp $ */
+/* $OpenBSD: procfs_linux.c,v 1.6 2005/04/21 23:28:55 deraadt Exp $ */
/* $NetBSD: procfs_linux.c,v 1.2.4.1 2001/03/30 21:48:11 he Exp $ */
/*
@@ -89,8 +89,9 @@ procfs_domeminfo(struct proc *curp, struct proc *p, struct pfsnode *pfs,
PGTOKB(uvmexp.swpages),
PGTOKB(uvmexp.swpages - uvmexp.swpginuse));
- if (len == 0 || len <= uio->uio_offset || uio->uio_resid == 0)
- return 0;
+ if (len <= 0 || len >= sizeof buf ||
+ len <= uio->uio_offset || uio->uio_resid == 0)
+ return EINVAL;
len -= uio->uio_offset;
cp = buf + uio->uio_offset;
diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c
index a9125261db2..244a0012feb 100644
--- a/sys/miscfs/procfs/procfs_vnops.c
+++ b/sys/miscfs/procfs/procfs_vnops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: procfs_vnops.c,v 1.35 2005/04/16 22:19:28 kettenis Exp $ */
+/* $OpenBSD: procfs_vnops.c,v 1.36 2005/04/21 23:28:55 deraadt Exp $ */
/* $NetBSD: procfs_vnops.c,v 1.40 1996/03/16 23:52:55 christos Exp $ */
/*
@@ -602,11 +602,17 @@ procfs_getattr(v)
case Pcurproc: {
char buf[16]; /* should be enough */
+ int len;
+
+ len = snprintf(buf, sizeof buf, "%ld", (long)curproc->p_pid);
+ if (len == -1 || len >= sizeof buf) {
+ error = EINVAL;
+ break;
+ }
vap->va_nlink = 1;
vap->va_uid = 0;
vap->va_gid = 0;
- vap->va_size = vap->va_bytes =
- snprintf(buf, sizeof buf, "%ld", (long)curproc->p_pid);
+ vap->va_size = vap->va_bytes = len;
break;
}
@@ -1092,6 +1098,8 @@ procfs_readlink(v)
len = strlcpy(buf, "curproc", sizeof buf);
else
return (EINVAL);
+ if (len == -1 || len >= sizeof buf)
+ return (EINVAL);
return (uiomove(buf, len, ap->a_uio));
}
diff --git a/sys/nfs/nfs_vnops.c b/sys/nfs/nfs_vnops.c
index 01ae894082b..24f7f5899ab 100644
--- a/sys/nfs/nfs_vnops.c
+++ b/sys/nfs/nfs_vnops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_vnops.c,v 1.63 2004/08/03 17:11:48 marius Exp $ */
+/* $OpenBSD: nfs_vnops.c,v 1.64 2005/04/21 23:29:04 deraadt Exp $ */
/* $NetBSD: nfs_vnops.c,v 1.62.4.1 1996/07/08 20:26:52 jtc Exp $ */
/*
@@ -2506,6 +2506,8 @@ nfs_sillyrename(dvp, vp, cnp)
/* Fudge together a funny name */
sp->s_namlen = snprintf(sp->s_name, sizeof sp->s_name,
".nfsA%05x4.4", cnp->cn_proc->p_pid);
+ if (sp->s_namlen > sizeof sp->s_name)
+ sp->s_namlen = strlen(sp->s_name);
/* Try lookitups until we get one that isn't there */
while (nfs_lookitup(dvp, sp->s_name, sp->s_namlen, sp->s_cred,