fix major validation

fileread/filewrite should validate major to avoid buffer overflows or bogus function pointers.
author: Xi Wang <[email protected]> 2019-09-19 10:31:04 -0700
committer: Frans Kaashoek <[email protected]> 2019-09-23 20:01:56 -0400
commit: 9ead904afef8d060c2cc5cee6bd8e8d223de8c40 (patch)
tree: a57ab6072b772c00ad4de414ecfd58c2bf6789ef
parent: 37df68e5dedbf2a26c2bf0bdae090b206ce78b48 (diff)
download: xv6-labs-9ead904afef8d060c2cc5cee6bd8e8d223de8c40.tar.gz
xv6-labs-9ead904afef8d060c2cc5cee6bd8e8d223de8c40.tar.bz2
xv6-labs-9ead904afef8d060c2cc5cee6bd8e8d223de8c40.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/kernel/file.c b/kernel/file.c
index fc87c09..116eb97 100644
--- a/kernel/file.c
+++ b/kernel/file.c
@@ -114,6 +114,8 @@ fileread(struct file *f, uint64 addr, int n)
   if(f->type == FD_PIPE){
     r = piperead(f->pipe, addr, n);
   } else if(f->type == FD_DEVICE){
+    if(f->major < 0 || f->major >= NDEV || !devsw[f->major].read)
+      return -1;
     r = devsw[f->major].read(1, addr, n);
   } else if(f->type == FD_INODE){
     ilock(f->ip);
@@ -140,6 +142,8 @@ filewrite(struct file *f, uint64 addr, int n)
   if(f->type == FD_PIPE){
     ret = pipewrite(f->pipe, addr, n);
   } else if(f->type == FD_DEVICE){
+    if(f->major < 0 || f->major >= NDEV || !devsw[f->major].write)
+      return -1;
     ret = devsw[f->major].write(1, addr, n);
   } else if(f->type == FD_INODE){
     // write a few blocks at a time to avoid exceeding
author	Xi Wang <[email protected]>	2019-09-19 10:31:04 -0700
committer	Frans Kaashoek <[email protected]>	2019-09-23 20:01:56 -0400
commit	9ead904afef8d060c2cc5cee6bd8e8d223de8c40 (patch)
tree	a57ab6072b772c00ad4de414ecfd58c2bf6789ef
parent	37df68e5dedbf2a26c2bf0bdae090b206ce78b48 (diff)
download	xv6-labs-9ead904afef8d060c2cc5cee6bd8e8d223de8c40.tar.gz xv6-labs-9ead904afef8d060c2cc5cee6bd8e8d223de8c40.tar.bz2 xv6-labs-9ead904afef8d060c2cc5cee6bd8e8d223de8c40.zip