Differential D31511 Diff 93630 sys/fs/nfsserver/nfs_nfsdserv.c

Changeset View

Standalone View

sys/fs/nfsserver/nfs_nfsdserv.c

Show First 20 Lines • Show All 5,341 Lines • ▼ Show 20 Lines	nfsrvd_allocate(struct nfsrv_descript *nd, __unused int isdgram,
if (stp->ls_stateid.seqid == 0xffffffff &&		if (stp->ls_stateid.seqid == 0xffffffff &&
stp->ls_stateid.other[0] == 0x55555555 &&		stp->ls_stateid.other[0] == 0x55555555 &&
stp->ls_stateid.other[1] == 0x55555555 &&		stp->ls_stateid.other[1] == 0x55555555 &&
stp->ls_stateid.other[2] == 0x55555555)		stp->ls_stateid.other[2] == 0x55555555)
gotproxystateid = 1;		gotproxystateid = 1;
off = fxdr_hyper(tl); tl += 2;		off = fxdr_hyper(tl); tl += 2;
lop->lo_first = off;		lop->lo_first = off;
len = fxdr_hyper(tl);		len = fxdr_hyper(tl);
lop->lo_end = off + len;		lop->lo_end = lop->lo_first + len;
/*		/*
* Paranoia, just in case it wraps around, which shouldn't		* Sanity check the offset and length.
* ever happen anyhow.		* off and len are off_t (signed int64_t) whereas
		* lo_first and lo_end are uint64_t and, as such,
		* if off >= 0 && len > 0, lo_end cannot overflow
		* unless off_t is changed to something other than
		* int64_t. Check lo_end < lo_first in case that
		* is someday the case.
*/		*/
if (nd->nd_repstat == 0 && (lop->lo_end < lop->lo_first \|\| len <= 0))		if (nd->nd_repstat == 0 && (len <= 0 \|\| off < 0 \|\| lop->lo_end >
		OFF_MAX \|\| lop->lo_end < lop->lo_first))
		kibUnsubmitted Not Done Inline Actions Don't you still need to check that lo_end > lo_first? kib: Don't you still need to check that lo_end > lo_first?
		rmacklemAuthorUnsubmitted Done Inline Actions Well, since off and len are both checked non-negative, that means they can't be greater than OFF_MAX. --> OFF_MAX + OFFMAX cannot be greater than UINT64_MAX. So, as long as off_t is signed, lo_end could not have overflowed. --> lo_end could be less than lo_first only if off or len were negative, I think? I can add lo_end > lo_first back in as a safety belt in case off_t is changed to unit64_t or int128_t someday. rmacklem: Well, since off and len are both checked non-negative, that means they can't be greater than…
nd->nd_repstat = NFSERR_INVAL;		nd->nd_repstat = NFSERR_INVAL;

if (nd->nd_repstat == 0 && vnode_vtype(vp) != VREG)		if (nd->nd_repstat == 0 && vnode_vtype(vp) != VREG)
nd->nd_repstat = NFSERR_WRONGTYPE;		nd->nd_repstat = NFSERR_WRONGTYPE;
NFSZERO_ATTRBIT(&attrbits);		NFSZERO_ATTRBIT(&attrbits);
NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_OWNER);		NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_OWNER);
forat_ret = nfsvno_getattr(vp, &forat, nd, curthread, 1, &attrbits);		forat_ret = nfsvno_getattr(vp, &forat, nd, curthread, 1, &attrbits);
if (nd->nd_repstat == 0)		if (nd->nd_repstat == 0)
▲ Show 20 Lines • Show All 665 Lines • Show Last 20 Lines