diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2003-08-20 18:02:21 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2003-08-20 18:02:21 +0000 |
| commit | d1c926723517830888bf04438b0e0d371c38c427 (patch) | |
| tree | 49548dd2ad9dd87e18140298904253943d2f9b39 /sys/kern/sysv_sem.c | |
| parent | 42c5a5f76c8b949df572ee9f4f7cdc465c829f92 (diff) | |
Move the nsem sanity checks where they belong (before the malloc call).
This was missed when that code got restructured/re-ordered.
Problem reported by blexim AT hush d0t com.
OK deraadt@, tedu@, henning@ and miod@
Diffstat (limited to 'sys/kern/sysv_sem.c')
| -rw-r--r-- | sys/kern/sysv_sem.c | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/sys/kern/sysv_sem.c b/sys/kern/sysv_sem.c index 6d843f3b9c5..543ea756f7c 100644 --- a/sys/kern/sysv_sem.c +++ b/sys/kern/sysv_sem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sysv_sem.c,v 1.19 2003/07/21 22:44:50 tedu Exp $ */ +/* $OpenBSD: sysv_sem.c,v 1.20 2003/08/20 18:02:20 millert Exp $ */ /* $NetBSD: sysv_sem.c,v 1.26 1996/02/09 19:00:25 christos Exp $ */ /* @@ -422,10 +422,20 @@ sys_semget(struct proc *p, void *v, register_t *retval) /* * Preallocate space for the new semaphore. If we are going - * to sleep, we want to sleep now to elliminate any race + * to sleep, we want to sleep now to eliminate any race * condition in allocating a semaphore with a specific key. */ if (key == IPC_PRIVATE || (semflg & IPC_CREAT)) { + if (nsems <= 0 || nsems > seminfo.semmsl) { + DPRINTF(("nsems out of range (0<%d<=%d)\n", nsems, + seminfo.semmsl)); + return (EINVAL); + } + if (nsems > seminfo.semmns - semtot) { + DPRINTF(("not enough semaphores left (need %d, got %d)\n", + nsems, seminfo.semmns - semtot)); + return (ENOSPC); + } semaptr_new = pool_get(&sema_pool, PR_WAITOK); semaptr_new->sem_base = malloc(nsems * sizeof(struct sem), M_SEM, M_WAITOK); @@ -459,18 +469,6 @@ sys_semget(struct proc *p, void *v, register_t *retval) DPRINTF(("need to allocate the semid_ds\n")); if (key == IPC_PRIVATE || (semflg & IPC_CREAT)) { - if (nsems <= 0 || nsems > seminfo.semmsl) { - DPRINTF(("nsems out of range (0<%d<=%d)\n", nsems, - seminfo.semmsl)); - error = EINVAL; - goto error; - } - if (nsems > seminfo.semmns - semtot) { - DPRINTF(("not enough semaphores left (need %d, got %d)\n", - nsems, seminfo.semmns - semtot)); - error = ENOSPC; - goto error; - } for (semid = 0; semid < seminfo.semmni; semid++) { if ((semaptr = sema[semid]) == NULL) break; |