glibc/hurd/fd-read.c
Sergey Bugaev 8cbab3b729 hurd: Protect against servers returning bogus read/write lengths
There already was a branch checking for this case in _hurd_fd_read ()
when the data is returned out-of-line. Do the same for inline data, as
well as for _hurd_fd_write (). It's also not possible for the length to
be negative, since it's stored in an unsigned integer.

Not verifying the returned length can confuse the callers who assume
the returned length is always reasonable. This manifested as libzstd
test suite failing on writes to /dev/zero, even though the write () call
appeared to succeed. In fact, the zero store backing /dev/zero was
returning a larger written length than the size actually submitted to
it, which is a separate bug to be fixed on the Hurd side. With this
patch, EGRATUITOUS is now propagated to the caller.

Reported-by: Diego Nieto Cid <dnietoc@gmail.com>
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-ID: <20241204112915.540032-1-bugaevc@gmail.com>
2024-12-05 08:49:35 +01:00

57 lines
1.6 KiB
C

/* Copyright (C) 1993-2024 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#include <errno.h>
#include <unistd.h>
#include <hurd.h>
#include <hurd/fd.h>
#include <string.h>
error_t
_hurd_fd_read (struct hurd_fd *fd, void *buf, size_t *nbytes, loff_t offset)
{
error_t err;
char *data;
mach_msg_type_number_t nread;
error_t readfd (io_t port)
{
return __io_read (port, &data, &nread, offset, *nbytes);
}
data = buf;
nread = *nbytes;
if (err = HURD_FD_PORT_USE_CANCEL (fd, _hurd_ctty_input (port, ctty, readfd)))
return err;
if (__glibc_unlikely (nread > *nbytes)) /* Sanity check for bogus server. */
{
if (data != buf)
__vm_deallocate (__mach_task_self (), (vm_address_t) data, nread);
return EGRATUITOUS;
}
if (data != buf)
{
memcpy (buf, data, nread);
__vm_deallocate (__mach_task_self (), (vm_address_t) data, nread);
}
*nbytes = nread;
return 0;
}