author | Visa Hankala <visa@cvs.openbsd.org> | 2022-06-01 14:18:44 +0000 |
---|---|---|
committer | Visa Hankala <visa@cvs.openbsd.org> | 2022-06-01 14:18:44 +0000 |
commit | ed10d4eba3c704290036f1b616b50b3895aa0b0d | |
tree | 5158dc9fe8ed50ec6980ea565ce5abb78a0c9c47 /sys/kern/vfs_lockf.c | |
parent | 652436816aee47d807a2c1577541c9c5d8728155 | |

Fix ambiguity with lock range end

When the user requests a lock range that ends at LLONG_MAX, replace
the end point with the special EOF value -1. This avoids ambiguity
with lf_end in lf_split(). The ambiguity could result in a broken
data structure.

This change is visible to userspace in a corner case. When a lock range
has been requested with an end point at absolute position LLONG_MAX,
fcntl(F_GETLK) returns l_len == 0, instead of a positive value, for that
range. This seems consistent with FreeBSD and Linux.

OK anton@

Reported-by: syzbot+c93afea6c27a3fa3af39@syzkaller.appspotmail.com

Diffstat (limited to 'sys/kern/vfs_lockf.c')
-rw-r--r-- | sys/kern/vfs_lockf.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/kern/vfs_lockf.c b/sys/kern/vfs_lockf.c index b2a6af5c0ae..a7c6784fcd0 100644 --- a/sys/kern/vfs_lockf.c +++ b/sys/kern/vfs_lockf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_lockf.c,v 1.47 2022/06/01 14:16:28 visa Exp $ */ +/* $OpenBSD: vfs_lockf.c,v 1.48 2022/06/01 14:18:43 visa Exp $ */ /* $NetBSD: vfs_lockf.c,v 1.7 1996/02/04 02:18:21 christos Exp $ */ /* @@ -251,6 +251,9 @@ lf_advlock(struct lockf_state **state, off_t size, caddr_t id, int op, if (fl->l_len - 1 > LLONG_MAX - start) return (EOVERFLOW); end = start + (fl->l_len - 1); + /* Avoid ambiguity at the end of the range. */ + if (end == LLONG_MAX) + end = -1; } else if (fl->l_len < 0) { if (start + fl->l_len < 0) return (EINVAL); |
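
Review bot: In the lf_advlock() hunk, the new comment "Avoid ambiguity at the end of the range." above `if (end == LLONG_MAX)` does not say what the ambiguity is or what -1 stands for, so the branch reads as a bare magic number to anyone who has not seen the commit message. I would spell it out in the comment: that -1 is the special EOF value, that an end point of LLONG_MAX is folded into it so lf_split() sees only one representation in lf_end, and that fcntl(F_GETLK) consequently reports l_len == 0 for such a range. Since the reported failure was a broken data structure reached from a userspace-supplied l_len, a regression test that requests a range ending at LLONG_MAX and then checks the F_GETLK result would be worth adding alongside this fix if one does not already exist.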