Fixed arg checking in if_advlock(). Invalid args were accepted in an

optimized case. Preposterous lengths weren't checked for. Found by: NIST-PCTS
svn path=/head/; revision=20676
2025-01-11 17:04:19 +01:00 · 1996-12-19 13:22:30 +00:00 · 1996-12-19 13:22:30 +00:00 · a88bd8aae4 · 2020-12-20 02:59:44 +00:00
commit a88bd8aae4
parent 0181a94ac9
1 changed files with 14 additions and 11 deletions
--- a/sys/kern/kern_lockf.c
+++ b/sys/kern/kern_lockf.c
@ -34,7 +34,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)ufs_lockf.c	8.3 (Berkeley) 1/6/94
- * $Id: kern_lockf.c,v 1.5 1995/12/14 08:31:26 phk Exp $
+ * $Id: kern_lockf.c,v 1.6 1996/09/03 14:21:52 bde Exp $
 */

 #include <sys/param.h>
@ -92,15 +92,6 @@ lf_advlock(ap, head, size)
 	off_t start, end;
 	int error;

-	/*
-	 * Avoid the common case of unlocking when inode has no locks.
-	 */
-	if (*head == (struct lockf *)0) {
-		if (ap->a_op != F_SETLK) {
-			fl->l_type = F_UNLCK;
-			return (0);
-		}
-	}
 	/*
 	 * Convert the flock structure into a start and end.
 	 */
@ -126,8 +117,20 @@ lf_advlock(ap, head, size)
 		return (EINVAL);
 	if (fl->l_len == 0)
 		end = -1;
-	else
+	else {
 		end = start + fl->l_len - 1;
+		if (end < start)
+			return (EINVAL);
+	}
+	/*
+	 * Avoid the common case of unlocking when inode has no locks.
+	 */
+	if (*head == (struct lockf *)0) {
+		if (ap->a_op != F_SETLK) {
+			fl->l_type = F_UNLCK;
+			return (0);
+		}
+	}
 	/*
 	 * Create the lockf structure
 	 */