system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-10-07 17:10:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check for lengths being <= 0. Note that this interface can only

Browse source 
be accessed by root.  It uses unsigned ints instead of size_t
to preserve the ABI.

PR:		207627
Submitted by:	ryan@ryanday.net (with slight tweaks)
MFC after:	1 month
This commit is contained in:
Edward Tomasz Napierala 2016-11-03 10:11:59 +00:00
parent d5315b02cd
commit a851d1fbfd
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=308250
2 changed files with 21 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
sys/cam/ctl/ctl.c
View file

@ -2370,7 +2370,7 @@ ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
}
static void *
ctl_copyin_alloc(void *user_addr, int len, char *error_str,
ctl_copyin_alloc(void *user_addr, unsigned int len, char *error_str,
size_t error_str_len)
{
void *kptr;
@ -2425,6 +2425,12 @@ ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
for (i = 0; i < num_args; i++) {
uint8_t *tmpptr;
if (args[i].namelen == 0) {
snprintf(error_str, error_str_len, "Argument %d "
"name length is zero", i);
goto bailout;
}
args[i].kname = ctl_copyin_alloc(args[i].name,
args[i].namelen, error_str, error_str_len);
if (args[i].kname == NULL)
@ -2437,10 +2443,17 @@ ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
}
if (args[i].flags & CTL_BEARG_RD) {
if (args[i].vallen == 0) {
snprintf(error_str, error_str_len, "Argument %d "
"value length is zero", i);
goto bailout;
}
tmpptr = ctl_copyin_alloc(args[i].value,
args[i].vallen, error_str, error_str_len);
if (tmpptr == NULL)
goto bailout;
if ((args[i].flags & CTL_BEARG_ASCII)
&& (tmpptr[args[i].vallen - 1] != '\0')) {
snprintf(error_str, error_str_len, "Argument "

14
sys/cam/ctl/ctl_ioctl.h
View file

@ -317,20 +317,20 @@ typedef enum {
*
* flags: Flags for the parameter, see above for values.
*
* vallen: Length of the value in bytes.
* vallen: Length of the value in bytes, including the terminating NUL.
*
* value: Value to be set/fetched.
* value: Value to be set/fetched. This must be NUL-terminated.
*
* kname: For kernel use only.
*
* kvalue: For kernel use only.
*/
struct ctl_be_arg {
int namelen;
char *name;
int flags;
int vallen;
void *value;
unsigned int namelen;
char *name;
int flags;
unsigned int vallen;
void *value;
char *kname;
void *kvalue;