mail archive of the barebox mailing list
 help / color / mirror / Atom feed
* [PATCH] fs: add basic sanity check before accessing the files array
@ 2010-07-27 13:16 Baruch Siach
  2010-07-27 13:34 ` Jean-Christophe PLAGNIOL-VILLARD
  0 siblings, 1 reply; 5+ messages in thread
From: Baruch Siach @ 2010-07-27 13:16 UTC (permalink / raw)
  To: barebox

This patch adds some basic file descriptor sanity checks to the file access
routines. Check whether the given file descriptor is in the files array range,
and whether the file entry is valid.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 fs/fs.c |   40 ++++++++++++++++++++++++++++++++++++++++
 1 files changed, 40 insertions(+), 0 deletions(-)

diff --git a/fs/fs.c b/fs/fs.c
index 8417067..449dcc2 100644
--- a/fs/fs.c
+++ b/fs/fs.c
@@ -457,6 +457,11 @@ int ioctl(int fd, int request, void *buf)
 	struct fs_driver_d *fsdrv;
 	FILE *f = &files[fd];
 
+	if (fd < 0 || fd >= MAX_FILES || !f->in_use) {
+		errno = -EBADF;
+		return errno;
+	}
+
 	dev = f->dev;
 
 	fsdrv = (struct fs_driver_d *)dev->driver->type_data;
@@ -474,6 +479,11 @@ int read(int fd, void *buf, size_t count)
 	struct fs_driver_d *fsdrv;
 	FILE *f = &files[fd];
 
+	if (fd < 0 || fd >= MAX_FILES || !f->in_use) {
+		errno = -EBADF;
+		return errno;
+	}
+
 	dev = f->dev;
 
 	fsdrv = (struct fs_driver_d *)dev->driver->type_data;
@@ -494,6 +504,11 @@ ssize_t write(int fd, const void *buf, size_t count)
 	struct fs_driver_d *fsdrv;
 	FILE *f = &files[fd];
 
+	if (fd < 0 || fd >= MAX_FILES || !f->in_use) {
+		errno = -EBADF;
+		return errno;
+	}
+
 	dev = f->dev;
 
 	fsdrv = (struct fs_driver_d *)dev->driver->type_data;
@@ -524,6 +539,11 @@ off_t lseek(int fildes, off_t offset, int whence)
 	FILE *f = &files[fildes];
 	off_t pos;
 
+	if (fildes < 0 || fildes >= MAX_FILES || !f->in_use) {
+		errno = -EBADF;
+		return -1;
+	}
+
 	errno = 0;
 
 	dev = f->dev;
@@ -567,6 +587,11 @@ int erase(int fd, size_t count, unsigned long offset)
 	struct fs_driver_d *fsdrv;
 	FILE *f = &files[fd];
 
+	if (fd < 0 || fd >= MAX_FILES || !f->in_use) {
+		errno = -EBADF;
+		return errno;
+	}
+
 	dev = f->dev;
 
 	fsdrv = (struct fs_driver_d *)dev->driver->type_data;
@@ -589,6 +614,11 @@ int protect(int fd, size_t count, unsigned long offset, int prot)
 	struct fs_driver_d *fsdrv;
 	FILE *f = &files[fd];
 
+	if (fd < 0 || fd >= MAX_FILES || !f->in_use) {
+		errno = -EBADF;
+		return errno;
+	}
+
 	dev = f->dev;
 
 	fsdrv = (struct fs_driver_d *)dev->driver->type_data;
@@ -627,6 +657,11 @@ void *memmap(int fd, int flags)
 	FILE *f = &files[fd];
 	void *ret = (void *)-1;
 
+	if (fd < 0 || fd >= MAX_FILES || !f->in_use) {
+		errno = -EBADF;
+		return ret;
+	}
+
 	dev = f->dev;
 
 	fsdrv = (struct fs_driver_d *)dev->driver->type_data;
@@ -646,6 +681,11 @@ int close(int fd)
 	struct fs_driver_d *fsdrv;
 	FILE *f = &files[fd];
 
+	if (fd < 0 || fd >= MAX_FILES || !f->in_use) {
+		errno = -EBADF;
+		return errno;
+	}
+
 	dev = f->dev;
 
 	fsdrv = (struct fs_driver_d *)dev->driver->type_data;
-- 
1.7.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2010-07-28  6:22 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-07-27 13:16 [PATCH] fs: add basic sanity check before accessing the files array Baruch Siach
2010-07-27 13:34 ` Jean-Christophe PLAGNIOL-VILLARD
2010-07-27 13:52   ` Baruch Siach
2010-07-28  5:27   ` [PATCHv2] " Baruch Siach
2010-07-28  6:22     ` Sascha Hauer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox