Sat Aug 12 04:17:37 2017 UTC ()
Pull up following revision(s) (requested by mrg in ticket #1479):
	sys/compat/common/vfs_syscalls_12.c: revision 1.34
	sys/rump/kern/lib/libsys_sunos/rump_sunos_compat.c: revision 1.2
	sys/compat/svr4_32/svr4_32_misc.c: revision 1.78
	sys/compat/sunos32/sunos32_misc.c: revision 1.78
	sys/compat/linux/common/linux_misc.c: revision 1.239
	sys/compat/osf1/osf1_file.c: revision 1.44
	sys/compat/common/vfs_syscalls_43.c: revision 1.60
	sys/compat/svr4/svr4_misc.c: revision 1.158
	sys/compat/ibcs2/ibcs2_misc.c: revision 1.114
	sys/compat/linux/common/linux_file64.c: revision 1.59
	sys/compat/linux32/common/linux32_dirent.c: revision 1.18
	sys/compat/sunos/sunos_misc.c: revision 1.171
Fail, don't panic, on bad dirents from file system.
Controllable via puffs from userland.
From Ilja Van Sprundel.


(snj)
diff -r1.1 -r1.1.26.1 src/sys/rump/kern/lib/libsys_sunos/rump_sunos_compat.c
cvs diff -r1.1 -r1.1.26.1 src/sys/rump/kern/lib/libsys_sunos/rump_sunos_compat.c (expand / switch to unified diff)

--- src/sys/rump/kern/lib/libsys_sunos/rump_sunos_compat.c 2013/04/09 13:08:33 1.1
+++ src/sys/rump/kern/lib/libsys_sunos/rump_sunos_compat.c 2017/08/12 04:17:37 1.1.26.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: rump_sunos_compat.c,v 1.1 2013/04/09 13:08:33 pooka Exp $ */ 1/* $NetBSD: rump_sunos_compat.c,v 1.1.26.1 2017/08/12 04:17:37 snj Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2013 Antti Kantee. All Rights Reserved. 4 * Copyright (c) 2013 Antti Kantee. All Rights Reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
8 * are met: 8 * are met:
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the 12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution. 13 * documentation and/or other materials provided with the distribution.
14 * 14 *
@@ -303,28 +303,30 @@ again: @@ -303,28 +303,30 @@ again:
303 &ncookies); 303 &ncookies);
304 if (error) 304 if (error)
305 goto out; 305 goto out;
306 306
307 inp = buf; 307 inp = buf;
308 outp = SCARG(uap, buf); 308 outp = SCARG(uap, buf);
309 resid = SCARG(uap, nbytes); 309 resid = SCARG(uap, nbytes);
310 if ((len = buflen - auio.uio_resid) == 0) 310 if ((len = buflen - auio.uio_resid) == 0)
311 goto eof; 311 goto eof;
312 312
313 for (cookie = cookiebuf; len > 0; len -= reclen) { 313 for (cookie = cookiebuf; len > 0; len -= reclen) {
314 bdp = (struct dirent *)inp; 314 bdp = (struct dirent *)inp;
315 reclen = bdp->d_reclen; 315 reclen = bdp->d_reclen;
316 if (reclen & 3) 316 if (reclen & 3) {
317 panic("sunos_getdents"); 317 error = EIO;
 318 goto out;
 319 }
318 if ((*cookie >> 32) != 0) { 320 if ((*cookie >> 32) != 0) {
319 printf("rump_sunos_sys_getdents: offset too large\n"); 321 printf("rump_sunos_sys_getdents: offset too large\n");
320 error = EINVAL; 322 error = EINVAL;
321 goto out; 323 goto out;
322 } 324 }
323 if (bdp->d_fileno == 0) { 325 if (bdp->d_fileno == 0) {
324 inp += reclen; /* it is a hole; squish it out */ 326 inp += reclen; /* it is a hole; squish it out */
325 if (cookie) 327 if (cookie)
326 off = *cookie++; 328 off = *cookie++;
327 else 329 else
328 off += reclen; 330 off += reclen;
329 continue; 331 continue;
330 } 332 }