From 21b5682a439b93a967cb3d838cd81500df028fec Mon Sep 17 00:00:00 2001
From: Giacomo Tesio
Date: Mon, 14 Aug 2017 18:39:45 +0200
Subject: [PATCH] kernel: syspread: avoid negative offsets in dir reads

Should also fix CID 160109: Dereference after null check
---
 sys/src/kern/port/sysfile.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/sys/src/kern/port/sysfile.c b/sys/src/kern/port/sysfile.c
index 639c818..7bfd5d5 100644
--- a/sys/src/kern/port/sysfile.c
+++ b/sys/src/kern/port/sysfile.c
@@ -1,7 +1,7 @@
 /*
 * This file is part of Jehanne.
 *
- * Copyright (C) 2015-2016 Giacomo Tesio
+ * Copyright (C) 2015-2017 Giacomo Tesio
 *
 * Jehanne is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -611,6 +611,7 @@ syspread(int fd, void *p, long n, int64_t off)
 * the target device/server, but with a negative length
 * to read the buffer must be nil
 */
+InvalidAddress:
 pprint("trap: invalid address %#p/%ld in pread pc=%#P\n", p, n, userpc(nil));
 postnote(up, 1, "sys: bad address in pread", NDebug);
 error(Ebadarg);
@@ -641,6 +642,14 @@ syspread(int fd, void *p, long n, int64_t off)
 sequential = 0;
 }
 if(c->qid.type & QTDIR){
+ if(p == nil){
+ /* With union mount we can't use negative
+ * offsets on directories as it's impossible
+ * to predict which fs support them and
+ * how they interpret them.
+ */
+ goto InvalidAddress;
+ }
 /*
 * Directory read:
 * rewind to the beginning of the file if necessary;
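Review bot: The `InvalidAddress:` label is reused by the directory check in the next hunk, but the two lines after it report `trap: invalid address` and post `sys: bad address in pread`, which does not describe a nil buffer rejected because the target is a directory. Whoever reads the process's notes would see an address fault where the real cause is an unsupported argument combination. Consider raising the error at the check site instead, `error(Ebadarg);`, or at least a comment on the label such as `/* also reached from the QTDIR check below: nil buffer on a directory */`. The block that holds the label begins above the hunk, so whether the label sits inside a conditional body cannot be confirmed from here.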
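Review bot: The guard `if(p == nil)` stands in for the condition its own comment names (negative offsets), and the only thing tying a nil buffer to that case is the earlier comment about negative lengths, roughly thirty lines up and outside this hunk. If a nil `p` can also arrive with `n >= 0` (that depends on the address validation above, not shown), the check rejects more than the comment says; a line such as `/* p is nil only when n < 0, see the argument check above */` would pin the invariant, or the test could name `n` directly. The jump also leaves through `error(Ebadarg)` after `c` is already in use (`c->qid.type`), so it is worth confirming that an error handler installed before this point releases the channel. syspread's body continues on both sides of the hunk.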