diff options
| author | Matthew Dempsky <matthew@cvs.openbsd.org> | 2013-01-30 18:21:09 +0000 |
|---|---|---|
| committer | Matthew Dempsky <matthew@cvs.openbsd.org> | 2013-01-30 18:21:09 +0000 |
| commit | b6d80ef252e894b3a2d75317645a510c4354adf3 (patch) | |
| tree | 67fda6899612e654c08ae85d30626a00b55e4285 /sys/kern | |
| parent | 5acbf0800eba594c998db8007420c85fc24c2b15 (diff) | |
In doreadlinkat(), only access auio.uio_resid if it's already been
initialized. (In the case where it wasn't initialized, the computed
*retval ends up getting clobbered by the EINVAL error anyway so it's
not an info leak, but it's still technically undefined behavior.)
pointed out by Maxime Villard on tech
ok guenther
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/vfs_syscalls.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 6ec5e840041..aa82c97215c 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.189 2012/09/10 11:10:59 jsing Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.190 2013/01/30 18:21:08 matthew Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -1843,9 +1843,9 @@ doreadlinkat(struct proc *p, int fd, const char *path, char *buf, auio.uio_procp = p; auio.uio_resid = count; error = VOP_READLINK(vp, &auio, p->p_ucred); + *retval = count - auio.uio_resid; } vput(vp); - *retval = count - auio.uio_resid; return (error); } |