authorTheo de Raadt <deraadt@cvs.openbsd.org>1999-08-13 04:50:49 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1999-08-13 04:50:49 +0000
commit0928f76f2da53933e3e26d4d88b8b04022b753ad (patch)
treef536d943ff55cd7b9a7aad4a0f13a9ab58f0202c
parentbd8e90caa7207624eda0d4710a53058ed8e5a1d8 (diff)
in *_readdir(), constrain uio_offset to make sure it is right; cstone@pobox.com
-rw-r--r--sys/miscfs/fdesc/fdesc_vnops.c9
-rw-r--r--sys/miscfs/procfs/procfs_vnops.c9
2 files changed, 10 insertions, 8 deletions
diff --git a/sys/miscfs/fdesc/fdesc_vnops.c b/sys/miscfs/fdesc/fdesc_vnops.c
index 6c57364e670..44ef2f4f419 100644
--- a/sys/miscfs/fdesc/fdesc_vnops.c
+++ b/sys/miscfs/fdesc/fdesc_vnops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fdesc_vnops.c,v 1.13 1999/04/28 09:28:15 art Exp $ */
+/* $OpenBSD: fdesc_vnops.c,v 1.14 1999/08/13 04:50:46 deraadt Exp $ */
/* $NetBSD: fdesc_vnops.c,v 1.32 1996/04/11 11:24:29 mrg Exp $ */
/*
@@ -716,9 +716,7 @@ fdesc_readdir(v)
fdp = uio->uio_procp->p_fd;
- if (uio->uio_resid < UIO_MX)
- return (EINVAL);
- if (uio->uio_offset < 0)
+ if (uio->uio_offset < 0 || uio->uio_offset % UIO_MX)
return (EINVAL);
error = 0;
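Review bot: Dropping the `uio_resid < UIO_MX` test means a caller whose buffer is smaller than one entry no longer gets EINVAL. Judging by the loop condition `uio->uio_resid >= UIO_MX` visible in the next hunk, such a call would probably copy nothing and return 0, which a reader interprets as end of directory. If that is not intended, keep the size check alongside the new alignment test: `if (uio->uio_resid < UIO_MX) return (EINVAL);`. The same removal is made in procfs_readdir() in sys/miscfs/procfs/procfs_vnops.c. fdesc_readdir() starts and ends outside this hunk, so the return path is inferred rather than seen.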
@@ -729,6 +727,9 @@ fdesc_readdir(v)
if (VTOFDESC(ap->a_vp)->fd_type == Froot) {
struct fdesc_target *ft;
+ if (nfdesc_targets <= uio->uio_offset/UIO_MX)
+ return (EINVAL);
+
for (ft = &fdesc_targets[i];
uio->uio_resid >= UIO_MX && i < nfdesc_targets; ft++, i++) {
switch (ft->ft_fileno) {
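Review bot: The new bound `nfdesc_targets <= uio->uio_offset/UIO_MX` also rejects the offset that sits exactly at the end of the table, which is presumably where a reader is left after consuming every entry, so the follow-up call that should report end of directory returns EINVAL instead. Writing it as `if (uio->uio_offset / UIO_MX > nfdesc_targets) return (EINVAL);` still keeps out-of-range offsets away from `&fdesc_targets[i]` while letting the loop fall through with nothing to copy at the end position. The check also sits only inside the Froot branch; if the other fd_type branches index by the same `i` (its assignment is outside this hunk), they need their own bound, since a large off_t value may not fit the index type. The procfs_readdir() hunk that adds `nproc_targets <= uio->uio_offset/UIO_MX` has the same end-of-directory behaviour.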
diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c
index fcab3d33df1..d413736c616 100644
--- a/sys/miscfs/procfs/procfs_vnops.c
+++ b/sys/miscfs/procfs/procfs_vnops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: procfs_vnops.c,v 1.12 1998/08/06 19:34:46 csapuntz Exp $ */
+/* $OpenBSD: procfs_vnops.c,v 1.13 1999/08/13 04:50:48 deraadt Exp $ */
/* $NetBSD: procfs_vnops.c,v 1.40 1996/03/16 23:52:55 christos Exp $ */
/*
@@ -823,9 +823,7 @@ procfs_readdir(v)
pfs = VTOPFS(ap->a_vp);
- if (uio->uio_resid < UIO_MX)
- return (EINVAL);
- if (uio->uio_offset < 0)
+ if (uio->uio_offset < 0 || uio->uio_offset % UIO_MX)
return (EINVAL);
error = 0;
@@ -843,6 +841,9 @@ procfs_readdir(v)
struct proc *p;
struct proc_target *pt;
+ if (nproc_targets <= uio->uio_offset/UIO_MX)
+ return (EINVAL);
+
p = PFIND(pfs->pfs_pid);
if (p == NULL)
break;