diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2005-04-21 23:29:05 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2005-04-21 23:29:05 +0000 |
commit | 1b4aea96a7e3631bc61ad0d2ce06bde6bb77b955 (patch) | |
tree | 8e358500052f0c128037f5a3dc73836af0422ebd | |
parent | f1edfddc3c03c1ed513c9350894fdcae38afa334 (diff) |
careful strlcpy and snprintf return handling; ok pedro beck
-rw-r--r-- | sys/miscfs/procfs/procfs_linux.c | 7 | ||||
-rw-r--r-- | sys/miscfs/procfs/procfs_vnops.c | 14 | ||||
-rw-r--r-- | sys/nfs/nfs_vnops.c | 4 |
3 files changed, 18 insertions, 7 deletions
diff --git a/sys/miscfs/procfs/procfs_linux.c b/sys/miscfs/procfs/procfs_linux.c index 356a173d8aa..d3caeb8ae83 100644 --- a/sys/miscfs/procfs/procfs_linux.c +++ b/sys/miscfs/procfs/procfs_linux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: procfs_linux.c,v 1.5 2004/05/05 23:52:10 tedu Exp $ */ +/* $OpenBSD: procfs_linux.c,v 1.6 2005/04/21 23:28:55 deraadt Exp $ */ /* $NetBSD: procfs_linux.c,v 1.2.4.1 2001/03/30 21:48:11 he Exp $ */ /* @@ -89,8 +89,9 @@ procfs_domeminfo(struct proc *curp, struct proc *p, struct pfsnode *pfs, PGTOKB(uvmexp.swpages), PGTOKB(uvmexp.swpages - uvmexp.swpginuse)); - if (len == 0 || len <= uio->uio_offset || uio->uio_resid == 0) - return 0; + if (len <= 0 || len >= sizeof buf || + len <= uio->uio_offset || uio->uio_resid == 0) + return EINVAL; len -= uio->uio_offset; cp = buf + uio->uio_offset; diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c index a9125261db2..244a0012feb 100644 --- a/sys/miscfs/procfs/procfs_vnops.c +++ b/sys/miscfs/procfs/procfs_vnops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: procfs_vnops.c,v 1.35 2005/04/16 22:19:28 kettenis Exp $ */ +/* $OpenBSD: procfs_vnops.c,v 1.36 2005/04/21 23:28:55 deraadt Exp $ */ /* $NetBSD: procfs_vnops.c,v 1.40 1996/03/16 23:52:55 christos Exp $ */ /* @@ -602,11 +602,17 @@ procfs_getattr(v) case Pcurproc: { char buf[16]; /* should be enough */ + int len; + + len = snprintf(buf, sizeof buf, "%ld", (long)curproc->p_pid); + if (len == -1 || len >= sizeof buf) { + error = EINVAL; + break; + } vap->va_nlink = 1; vap->va_uid = 0; vap->va_gid = 0; - vap->va_size = vap->va_bytes = - snprintf(buf, sizeof buf, "%ld", (long)curproc->p_pid); + vap->va_size = vap->va_bytes = len; break; } @@ -1092,6 +1098,8 @@ procfs_readlink(v) len = strlcpy(buf, "curproc", sizeof buf); else return (EINVAL); + if (len == -1 || len >= sizeof buf) + return (EINVAL); return (uiomove(buf, len, ap->a_uio)); } diff --git a/sys/nfs/nfs_vnops.c b/sys/nfs/nfs_vnops.c index 01ae894082b..24f7f5899ab 100644 --- a/sys/nfs/nfs_vnops.c +++ b/sys/nfs/nfs_vnops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nfs_vnops.c,v 1.63 2004/08/03 17:11:48 marius Exp $ */ +/* $OpenBSD: nfs_vnops.c,v 1.64 2005/04/21 23:29:04 deraadt Exp $ */ /* $NetBSD: nfs_vnops.c,v 1.62.4.1 1996/07/08 20:26:52 jtc Exp $ */ /* @@ -2506,6 +2506,8 @@ nfs_sillyrename(dvp, vp, cnp) /* Fudge together a funny name */ sp->s_namlen = snprintf(sp->s_name, sizeof sp->s_name, ".nfsA%05x4.4", cnp->cn_proc->p_pid); + if (sp->s_namlen > sizeof sp->s_name) + sp->s_namlen = strlen(sp->s_name); /* Try lookitups until we get one that isn't there */ while (nfs_lookitup(dvp, sp->s_name, sp->s_namlen, sp->s_cred, |