From owner-freebsd-hackers Sat Jan 25 20:16:06 1997
Date: Sun, 26 Jan 1997 13:15:56 +0900 (JST)
From: Michael Hancock
Reply-To: Michael Hancock
To: Bruce Evans
cc: FreeBSD Hackers
Subject: Re: cvs commit: src/sys/kern kern_lockf.c
In-Reply-To: <199612191322.FAA21783@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 19 Dec 1996, Bruce Evans wrote:

> bde 96/12/19 05:22:31
>
> Modified: sys/kern kern_lockf.c
> Log:
> Fixed arg checking in if_advlock(). Invalid args were accepted in an
> optimized case. Preposterous lengths weren't checked for.
>
> Found by: NIST-PCTS
>
> Revision Changes Path
> 1.7 +14 -11 src/sys/kern/kern_lockf.c
>

All of the argument checking seems out of place here. The call trace is like this:

fcntl => VOP_ADVLOCK => lf_advlock

or

open => VOP_ADVLOCK => lf_advlock

Garbage input should be stopped at the source, and lf_advlock should be completely free from arg checking. The original coder wanted to factor error checking into lf_advlock, but it seems incorrect to allow garbage to come in so far.

A consistent division of arg checking responsibilities would make it easier for people to decide where to do the checks. We would need some comments or preconditions specified in lf_advlock to communicate what was expected, so that we would know what to do in fcntl and open.

Any comments?

Regards,

Mike Hancock
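The split the message argues for, as an added example that is not FreeBSD's kern_lockf.c: a hypothetical `check_lock_args()` at the fcntl/open boundary validates and normalises a flock-style request (whence, start, negative and "preposterous" lengths, offset overflow), and the lf_advlock-style consumer only states its precondition in `range_is_sane()` instead of re-checking arguments.

```c
#include <stdint.h>
#include <stdio.h>   /* SEEK_SET, SEEK_CUR, SEEK_END */
#include <errno.h>

/* Hypothetical mirror of the struct flock fields an advisory-lock
 * routine cares about (constructed for this example). */
struct lock_req { int whence; int64_t start; int64_t len; };

/* Normalised byte range handed to the locking code.
 * end == -1 means "to end of file" (a request with len == 0). */
struct lock_range { int64_t start; int64_t end; };

/* Boundary check: done once, in the caller (fcntl/open), never in the
 * lock manager.  cur_off is the file position used for SEEK_CUR,
 * file_size the size used for SEEK_END.  Returns 0 or an errno value. */
int check_lock_args(const struct lock_req *rq, int64_t cur_off,
                    int64_t file_size, struct lock_range *out)
{
    int64_t base, start, len = rq->len;

    if (cur_off < 0 || file_size < 0)
        return EINVAL;                       /* kernel-side inputs must be sane too */
    switch (rq->whence) {
    case SEEK_SET: base = 0;         break;
    case SEEK_CUR: base = cur_off;   break;
    case SEEK_END: base = file_size; break;
    default:       return EINVAL;            /* unknown whence */
    }
    if (rq->start > 0 && base > INT64_MAX - rq->start)
        return EOVERFLOW;                    /* base + start would wrap */
    start = base + rq->start;
    if (start < 0)
        return EINVAL;                       /* range begins before offset 0 */
    if (len < 0) {                           /* POSIX: [start+len, start-1] */
        if (len == INT64_MIN)
            return EINVAL;                   /* -len is not representable */
        start += len;                        /* start >= 0, so no wrap here */
        len = -len;
        if (start < 0)
            return EINVAL;
    }
    if (len == 0) {
        out->end = -1;                       /* lock to end of file */
    } else {
        if (start > INT64_MAX - (len - 1))
            return EOVERFLOW;                /* preposterous length */
        out->end = start + len - 1;
    }
    out->start = start;
    return 0;
}

/* The precondition an lf_advlock-style consumer may assume once the
 * boundary check has run; it documents the contract, nothing more. */
int range_is_sane(const struct lock_range *r)
{
    return r->start >= 0 && (r->end == -1 || r->end >= r->start);
}
```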