9 files changed, 40 insertions, 26 deletions

diff --git a/sys/kern/exec_elf.c b/sys/kern/exec_elf.c
index c56713e15df..75c425402e3 100644
--- a/sys/kern/exec_elf.c
+++ b/sys/kern/exec_elf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: exec_elf.c,v 1.21 1998/03/06 21:49:50 niklas Exp $	*/
+/*	$OpenBSD: exec_elf.c,v 1.22 1998/07/28 00:13:02 millert Exp $	*/
 
 /*
  * Copyright (c) 1996 Per Fogelstrom
@@ -317,7 +317,7 @@ elf_read_from(p, vp, off, buf, size)
 	int size;
 {
 	int error;
-	int resid;
+	size_t resid;
 
 	if ((error = vn_rdwr(UIO_READ, vp, buf, size, off, UIO_SYSSPACE,
 	    IO_NODELOCKED, p->p_ucred, &resid, p)) != 0)
diff --git a/sys/kern/exec_subr.c b/sys/kern/exec_subr.c
index 20d6204805e..32b93934f81 100644
--- a/sys/kern/exec_subr.c
+++ b/sys/kern/exec_subr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: exec_subr.c,v 1.4 1997/02/24 14:19:56 niklas Exp $	*/
+/*	$OpenBSD: exec_subr.c,v 1.5 1998/07/28 00:13:01 millert Exp $	*/
 /*	$NetBSD: exec_subr.c,v 1.9 1994/12/04 03:10:42 mycroft Exp $	*/
 
 /*
@@ -167,7 +167,7 @@ vmcmd_map_readvn(p, cmd)
 
 	error = vn_rdwr(UIO_READ, cmd->ev_vp, (caddr_t)cmd->ev_addr,
 	    cmd->ev_len, cmd->ev_offset, UIO_USERSPACE, IO_UNIT|IO_NODELOCKED,
-	    p->p_ucred, (int *)0, p);
+	    p->p_ucred, NULL, p);
 	if (error)
 		return error;
 
diff --git a/sys/kern/kern_acct.c b/sys/kern/kern_acct.c
index 32421164e78..d2ec5b7f837 100644
--- a/sys/kern/kern_acct.c
+++ b/sys/kern/kern_acct.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_acct.c,v 1.6 1998/05/17 10:47:35 deraadt Exp $	*/
+/*	$OpenBSD: kern_acct.c,v 1.7 1998/07/28 00:13:00 millert Exp $	*/
 /*	$NetBSD: kern_acct.c,v 1.42 1996/02/04 02:15:12 christos Exp $	*/
 
 /*-
@@ -219,8 +219,7 @@ acct_process(p)
 	 */
 	VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
 	return (vn_rdwr(UIO_WRITE, vp, (caddr_t)&acct, sizeof (acct),
-	    (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, p->p_ucred,
-	    (int *)0, p));
+	    (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, p->p_ucred, NULL, p));
 }
 
 /*
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 2dce4a021f4..58a4780ccd0 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_exec.c,v 1.22 1998/07/08 22:28:56 deraadt Exp $	*/
+/*	$OpenBSD: kern_exec.c,v 1.23 1998/07/28 00:13:05 millert Exp $	*/
 /*	$NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $	*/
 
 /*-
@@ -95,7 +95,7 @@ check_exec(p, epp)
 	int error, i;
 	struct vnode *vp;
 	struct nameidata *ndp;
-	int resid;
+	size_t resid;
 
 	ndp = epp->ep_ndp;
 	ndp->ni_cnd.cn_nameiop = LOOKUP;
diff --git a/sys/kern/kern_subr.c b/sys/kern/kern_subr.c
index 56b07f7d0e7..0f8eb3f76c0 100644
--- a/sys/kern/kern_subr.c
+++ b/sys/kern/kern_subr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_subr.c,v 1.5 1998/05/11 05:41:59 deraadt Exp $	*/
+/*	$OpenBSD: kern_subr.c,v 1.6 1998/07/28 00:13:08 millert Exp $	*/
 /*	$NetBSD: kern_subr.c,v 1.15 1996/04/09 17:21:56 ragge Exp $	*/
 
 /*
@@ -111,11 +111,19 @@ ureadc(c, uio)
 {
 	register struct iovec *iov;
 
-	if (uio->uio_resid <= 0)
-		panic("ureadc: non-positive resid");
+	if (uio->uio_resid == 0)
+#ifdef DIAGNOSTIC
+		panic("ureadc: zero resid");
+#else
+		return (EINVAL);
+#endif
 again:
 	if (uio->uio_iovcnt <= 0)
+#ifdef DIAGNOSTIC
 		panic("ureadc: non-positive iovcnt");
+#else
+		return (EINVAL);
+#endif
 	iov = uio->uio_iov;
 	if (iov->iov_len <= 0) {
 		uio->uio_iovcnt--;
diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c
index 1603e9e4595..fb6cf718aef 100644
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sys_generic.c,v 1.12 1998/02/09 06:29:07 tholo Exp $	*/
+/*	$OpenBSD: sys_generic.c,v 1.13 1998/07/28 00:12:58 millert Exp $	*/
 /*	$NetBSD: sys_generic.c,v 1.24 1996/03/29 00:25:32 cgd Exp $	*/
 
 /*
@@ -102,8 +102,6 @@ sys_read(p, v, retval)
 	auio.uio_rw = UIO_READ;
 	auio.uio_segflg = UIO_USERSPACE;
 	auio.uio_procp = p;
-	if (auio.uio_resid < 0)
-		return EINVAL;
 #ifdef KTRACE
 	/*
 	 * if tracing, save a copy of iovec
@@ -157,6 +155,8 @@ sys_readv(p, v, retval)
 	    (fp = fdp->fd_ofiles[SCARG(uap, fd)]) == NULL ||
 	    (fp->f_flag & FREAD) == 0)
 		return (EBADF);
+	if (SCARG(uap, iovcnt) <= 0)
+		return (EINVAL);
 	/* note: can't use iovlen until iovcnt is validated */
 	iovlen = SCARG(uap, iovcnt) * sizeof (struct iovec);
 	if (SCARG(uap, iovcnt) > UIO_SMALLIOV) {
@@ -252,8 +252,6 @@ sys_write(p, v, retval)
 	auio.uio_rw = UIO_WRITE;
 	auio.uio_segflg = UIO_USERSPACE;
 	auio.uio_procp = p;
-	if (auio.uio_resid < 0)
-		return EINVAL;
 #ifdef KTRACE
 	/*
 	 * if tracing, save a copy of iovec
@@ -310,6 +308,8 @@ sys_writev(p, v, retval)
 	    (fp = fdp->fd_ofiles[SCARG(uap, fd)]) == NULL ||
 	    (fp->f_flag & FWRITE) == 0)
 		return (EBADF);
+	if (SCARG(uap, iovcnt) <= 0)
+		return (EINVAL);
 	/* note: can't use iovlen until iovcnt is validated */
 	iovlen = SCARG(uap, iovcnt) * sizeof (struct iovec);
 	if (SCARG(uap, iovcnt) > UIO_SMALLIOV) {
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 2ccc5dfe900..0eedda1429f 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uipc_socket.c,v 1.21 1998/02/14 10:55:09 deraadt Exp $	*/
+/*	$OpenBSD: uipc_socket.c,v 1.22 1998/07/28 00:13:07 millert Exp $	*/
 /*	$NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $	*/
 
 /*
@@ -341,7 +341,8 @@ sosend(so, addr, uio, top, control, flags)
 	struct proc *p = curproc;		/* XXX */
 	struct mbuf **mp;
 	register struct mbuf *m;
-	register long space, len, resid;
+	register long space, len;
+	register quad_t resid;
 	int clen = 0, error, s, dontroute, mlen;
 	int atomic = sosendallatonce(so) || top;
 
@@ -350,7 +351,7 @@ sosend(so, addr, uio, top, control, flags)
 	else
 		resid = top->m_pkthdr.len;
 	/*
-	 * In theory resid should be unsigned.
+	 * In theory resid should be unsigned (since uio->uio_resid is).
 	 * However, space must be signed, as it might be less than 0
 	 * if we over-committed, and we must use a signed comparison
 	 * of space and resid.  On the other hand, a negative resid
@@ -523,7 +524,7 @@ soreceive(so, paddr, uio, mp0, controlp, flagsp)
 	struct protosw *pr = so->so_proto;
 	struct mbuf *nextrecord;
 	int moff, type = 0;
-	int orig_resid = uio->uio_resid;
+	size_t orig_resid = uio->uio_resid;
 
 	mp = mp0;
 	if (paddr)
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 65290c40d67..e2b73cb0e66 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uipc_syscalls.c,v 1.7 1998/02/08 22:41:36 tholo Exp $	*/
+/*	$OpenBSD: uipc_syscalls.c,v 1.8 1998/07/28 00:12:56 millert Exp $	*/
 /*	$NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $	*/
 
 /*
@@ -385,6 +385,8 @@ sys_sendmsg(p, v, retval)
 	error = copyin(SCARG(uap, msg), (caddr_t)&msg, sizeof (msg));
 	if (error)
 		return (error);
+	if (msg.msg_iovlen <= 0)
+		return (EINVAL);
 	if ((u_int)msg.msg_iovlen >= UIO_SMALLIOV) {
 		if ((u_int)msg.msg_iovlen >= UIO_MAXIOV)
 			return (EMSGSIZE);
@@ -568,6 +570,8 @@ sys_recvmsg(p, v, retval)
 		       sizeof (msg));
 	if (error)
 		return (error);
+	if (msg.msg_iovlen <= 0)
+		return (EINVAL);
 	if ((u_int)msg.msg_iovlen >= UIO_SMALLIOV) {
 		if ((u_int)msg.msg_iovlen >= UIO_MAXIOV)
 			return (EMSGSIZE);
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index d5152e7facc..f900d77fc24 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vfs_vnops.c,v 1.15 1998/01/15 01:24:40 csapuntz Exp $	*/
+/*	$OpenBSD: vfs_vnops.c,v 1.16 1998/07/28 00:13:04 millert Exp $	*/
 /*	$NetBSD: vfs_vnops.c,v 1.20 1996/02/04 02:18:41 christos Exp $	*/
 
 /*
@@ -228,7 +228,7 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, p)
 	enum uio_seg segflg;
 	int ioflg;
 	struct ucred *cred;
-	int *aresid;
+	size_t *aresid;
 	struct proc *p;
 {
 	struct uio auio;
@@ -271,7 +271,8 @@ vn_read(fp, uio, cred)
 	struct ucred *cred;
 {
 	register struct vnode *vp = (struct vnode *)fp->f_data;
-	int count, error = 0;
+	int error = 0;
+	size_t count;
 	struct proc *p = uio->uio_procp;
 
 	VOP_LEASE(vp, uio->uio_procp, cred, LEASE_READ);
@@ -297,7 +298,8 @@ vn_write(fp, uio, cred)
 {
 	register struct vnode *vp = (struct vnode *)fp->f_data;
 	struct proc *p = uio->uio_procp;
-	int count, error, ioflag = IO_UNIT;
+	int error, ioflag = IO_UNIT;
+	size_t count;
 
 	if (vp->v_type == VREG && (fp->f_flag & O_APPEND))
 		ioflag |= IO_APPEND;