Sun Dec 14 14:03:28 2014 UTC ()
Pull up revision 1.31, requested by maxv in #1209:

Prevent a user-triggerable kmem_alloc(0).


(martin)
diff -r1.30 -r1.30.20.1 src/sys/compat/netbsd32/netbsd32_compat_30.c


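--- a/src/sys/compat/netbsd32/netbsd32_compat_30.c
+++ b/src/sys/compat/netbsd32/netbsd32_compat_30.c
@@ -1,14 +1,14 @@
-/* $NetBSD: netbsd32_compat_30.c,v 1.30 2010/04/23 15:19:20 rmind Exp $ */
+/* $NetBSD: netbsd32_compat_30.c,v 1.30.20.1 2014/12/14 14:03:28 martin Exp $ */
 
 /*
  * Copyright (c) 1998, 2001 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
@@ -17,27 +17,27 @@
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_30.c,v 1.30 2010/04/23 15:19:20 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_30.c,v 1.30.20.1 2014/12/14 14:03:28 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/mount.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/ktrace.h>
 #include <sys/resourcevar.h>
 #include <sys/vnode.h>
 #include <sys/file.h>
 #include <sys/filedesc.h>
@@ -68,26 +68,29 @@ compat_30_netbsd32_getdents(struct lwp *
  char *buf;
  netbsd32_size_t count;
 
  /* Limit the size on any kernel buffers used by VOP_READDIR */
  count = min(MAXBSIZE, SCARG(uap, count));
 
  /* fd_getvnode() will use the descriptor for us */
  if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
  return (error);
  if ((fp->f_flag & FREAD) == 0) {
  error = EBADF;
  goto out;
  }
+ if (count == 0)
+ goto out;
+
  buf = kmem_alloc(count, KM_SLEEP);
  error = vn_readdir(fp, buf, UIO_SYSSPACE, count, &done, l, 0, 0);
  if (error == 0) {
  *retval = netbsd32_to_dirent12(buf, done);
  error = copyout(buf, SCARG_P32(uap, buf), *retval);
  }
  kmem_free(buf, count);
  out:
  fd_putfile(SCARG(uap, fd));
 return (error);
 }
 
 int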
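Review bot: The new `if (count == 0) goto out;` path returns success without ever writing `*retval`, so the byte count the 32-bit caller sees depends on the syscall layer having pre-zeroed it, which is not visible in this hunk. `error` is 0 at that point only because the `fd_getvnode()` check above returns early on failure; adding `*retval = 0;` before the `goto out;` would make the zero-length result explicit instead of implied. A short comment such as `/* count comes from userland; kmem_alloc(9) must not be called with size 0 */` would record why the guard exists, since `count` is taken from `SCARG(uap, count)` and is only capped from above by `MAXBSIZE`. The guard sits after the FREAD check and still reaches `fd_putfile()`, so the descriptor reference is released; the start of compat_30_netbsd32_getdents lies outside the hunk.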