authorBaruch Siach <baruch@tkos.co.il>2010-07-28 08:27:50 +0300
committerSascha Hauer <s.hauer@pengutronix.de>2010-07-28 08:21:46 +0200
commitedf1301d824b3bf4544a66dc01eaa751cfd68e66 (patch)
treed1f75afce172c26b0d7b8bf13b15b8909f2ed04d /fs
parentb8063f72f0ff2f289151fb48815b8600f53c8cfc (diff)
fs: add basic sanity check before accessing the files array
This patch adds some basic file descriptor sanity checks to the file access routines. Check whether the given file descriptor is in the files array range, and whether the file entry is valid. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'fs')
-rw-r--r--fs/fs.c34
1 files changed, 34 insertions, 0 deletions
diff --git a/fs/fs.c b/fs/fs.c
index 8417067042..3b5f2847c7 100644
--- a/fs/fs.c
+++ b/fs/fs.c
@@ -229,6 +229,16 @@ static void put_file(FILE *f)
files[f->no].in_use = 0;
}
+static int check_fd(int fd)
+{
+ if (fd < 0 || fd >= MAX_FILES || !files[fd].in_use) {
+ errno = -EBADF;
+ return errno;
+ }
+
+ return 0;
+}
+
static struct device_d *get_fs_device_by_path(char **path)
{
struct device_d *dev;
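Review bot: check_fd() has no comment stating its contract, and `errno = -EBADF` leaves errno negative, where POSIX-style callers would expect a positive value. If the negative sign is this file's convention (not visible in the hunk), a one-line comment above the function would record it, e.g. `/* Return 0 if fd is within files[] and in use; otherwise set errno to -EBADF and return it. */`. The `in_use` test is also what rejects a descriptor after put_file() has released it, which is worth stating in the same comment. get_fs_device_by_path() continues outside the hunk.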
@@ -457,6 +467,9 @@ int ioctl(int fd, int request, void *buf)
struct fs_driver_d *fsdrv;
FILE *f = &files[fd];
+ if (check_fd(fd))
+ return errno;
+
dev = f->dev;
fsdrv = (struct fs_driver_d *)dev->driver->type_data;
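Review bot: `FILE *f = &files[fd];` still runs before `check_fd(fd)` in ioctl(), so the address is computed from an index that has not been validated yet. Nothing is dereferenced before the check, but forming a pointer outside the array is undefined behaviour in C, and the initializer makes the bounds check look earlier than it is. Declaring `FILE *f;` and assigning `f = &files[fd];` after the check removes the gap. The same ordering appears in the read(), write(), lseek(), erase(), protect(), memmap() and close() hunks. ioctl()'s body starts and ends outside the hunk.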
@@ -474,6 +487,9 @@ int read(int fd, void *buf, size_t count)
struct fs_driver_d *fsdrv;
FILE *f = &files[fd];
+ if (check_fd(fd))
+ return errno;
+
dev = f->dev;
fsdrv = (struct fs_driver_d *)dev->driver->type_data;
@@ -494,6 +510,9 @@ ssize_t write(int fd, const void *buf, size_t count)
struct fs_driver_d *fsdrv;
FILE *f = &files[fd];
+ if (check_fd(fd))
+ return errno;
+
dev = f->dev;
fsdrv = (struct fs_driver_d *)dev->driver->type_data;
@@ -524,6 +543,9 @@ off_t lseek(int fildes, off_t offset, int whence)
FILE *f = &files[fildes];
off_t pos;
+ if (check_fd(fildes))
+ return -1;
+
errno = 0;
dev = f->dev;
@@ -567,6 +589,9 @@ int erase(int fd, size_t count, unsigned long offset)
struct fs_driver_d *fsdrv;
FILE *f = &files[fd];
+ if (check_fd(fd))
+ return errno;
+
dev = f->dev;
fsdrv = (struct fs_driver_d *)dev->driver->type_data;
@@ -589,6 +614,9 @@ int protect(int fd, size_t count, unsigned long offset, int prot)
struct fs_driver_d *fsdrv;
FILE *f = &files[fd];
+ if (check_fd(fd))
+ return errno;
+
dev = f->dev;
fsdrv = (struct fs_driver_d *)dev->driver->type_data;
@@ -627,6 +655,9 @@ void *memmap(int fd, int flags)
FILE *f = &files[fd];
void *ret = (void *)-1;
+ if (check_fd(fd))
+ return ret;
+
dev = f->dev;
fsdrv = (struct fs_driver_d *)dev->driver->type_data;
@@ -646,6 +677,9 @@ int close(int fd)
struct fs_driver_d *fsdrv;
FILE *f = &files[fd];
+ if (check_fd(fd))
+ return errno;
+
dev = f->dev;
fsdrv = (struct fs_driver_d *)dev->driver->type_data;