Module Name: src
Committed By: riastradh
Date: Tue Feb 21 11:40:00 UTC 2023
Modified Files:
src/sys/kern: kern_ksyms.c
Log Message:
ksyms(4): Reject negative offsets earlier in lseek.
Avoid arithmetic overflow.
XXX pullup-10
To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.108 src/sys/kern/kern_ksyms.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_ksyms.c
diff -u src/sys/kern/kern_ksyms.c:1.107 src/sys/kern/kern_ksyms.c:1.108
--- src/sys/kern/kern_ksyms.c:1.107 Fri Jul 15 06:40:24 2022
+++ src/sys/kern/kern_ksyms.c Tue Feb 21 11:40:00 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_ksyms.c,v 1.107 2022/07/15 06:40:24 mrg Exp $ */
+/* $NetBSD: kern_ksyms.c,v 1.108 2023/02/21 11:40:00 riastradh Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -73,7 +73,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ksyms.c,v 1.107 2022/07/15 06:40:24 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ksyms.c,v 1.108 2023/02/21 11:40:00 riastradh Exp $");
#if defined(_KERNEL) && defined(_KERNEL_OPT)
#include "opt_copy_symtab.h"
@@ -1417,6 +1417,7 @@ ksymsmmap(struct file *fp, off_t *offp,
static int
ksymsseek(struct file *fp, off_t delta, int whence, off_t *newoffp, int flags)
{
+ const off_t OFF_MAX = __type_max(off_t);
struct ksyms_snapshot *ks = fp->f_data;
off_t base, newoff;
int error;
@@ -1438,13 +1439,15 @@ ksymsseek(struct file *fp, off_t delta,
goto out;
}
- /* Compute the new offset and validate it. */
- newoff = base + delta; /* XXX arithmetic overflow */
- if (newoff < 0) {
+ /* Check for arithmetic overflow and reject negative offsets. */
+ if (base < 0 || delta > OFF_MAX - base || base + delta < 0) {
error = EINVAL;
goto out;
}
+ /* Compute the new offset. */
+ newoff = base + delta;
+
/* Success! */
if (newoffp)
*newoffp = newoff;
