diff options
| author | cinap_lenrek <cinap_lenrek@rei2.9hal> | 2012-02-08 00:00:42 +0100 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@rei2.9hal> | 2012-02-08 00:00:42 +0100 |
| commit | 022fd02b9632b0ca3ddd9547730446dd222ab93d (patch) | |
| tree | ec2f051174546017bf0a7cdc88004728c083bf4c /sys/src/9/port/devsrv.c | |
| parent | d970ed6a5a243c2ec69857b69382b79eaaad1e87 (diff) | |
fix endless devwalk loops caused by genbuf truncation
Diffstat (limited to 'sys/src/9/port/devsrv.c')
| -rw-r--r-- | sys/src/9/port/devsrv.c | 39 |
1 files changed, 23 insertions, 16 deletions
diff --git a/sys/src/9/port/devsrv.c b/sys/src/9/port/devsrv.c index 4426d1e00..adde67b9b 100644 --- a/sys/src/9/port/devsrv.c +++ b/sys/src/9/port/devsrv.c @@ -21,8 +21,18 @@ static QLock srvlk; static Srv *srv; static int qidpath; +static Srv* +srvlookup(char *name, ulong qidpath) +{ + Srv *sp; + for(sp = srv; sp; sp = sp->link) + if(sp->path == qidpath || (name && strcmp(sp->name, name) == 0)) + return sp; + return nil; +} + static int -srvgen(Chan *c, char*, Dirtab*, int, int s, Dir *dp) +srvgen(Chan *c, char *name, Dirtab*, int, int s, Dir *dp) { Srv *sp; Qid q; @@ -33,14 +43,16 @@ srvgen(Chan *c, char*, Dirtab*, int, int s, Dir *dp) } qlock(&srvlk); - for(sp = srv; sp && s; sp = sp->link) - s--; - - if(sp == 0) { + if(name) + sp = srvlookup(name, -1); + else { + for(sp = srv; sp && s; sp = sp->link) + s--; + } + if(sp == 0 || (strlen(sp->name) >= sizeof(up->genbuf))) { qunlock(&srvlk); return -1; } - mkqid(&q, sp->path, 0, QTFILE); /* make sure name string continues to exist after we release lock */ kstrcpy(up->genbuf, sp->name, sizeof up->genbuf); @@ -67,16 +79,6 @@ srvwalk(Chan *c, Chan *nc, char **name, int nname) return devwalk(c, nc, name, nname, 0, 0, srvgen); } -static Srv* -srvlookup(char *name, ulong qidpath) -{ - Srv *sp; - for(sp = srv; sp; sp = sp->link) - if(sp->path == qidpath || (name && strcmp(sp->name, name) == 0)) - return sp; - return nil; -} - static int srvstat(Chan *c, uchar *db, int n) { @@ -145,6 +147,9 @@ srvcreate(Chan *c, char *name, int omode, ulong perm) if(openmode(omode) != OWRITE) error(Eperm); + if(strlen(name) >= sizeof(up->genbuf)) + error(Egreg); + sp = smalloc(sizeof *sp); sname = smalloc(strlen(name)+1); @@ -260,6 +265,8 @@ srvwstat(Chan *c, uchar *dp, int n) if(d.name && *d.name && strcmp(sp->name, d.name) != 0) { if(strchr(d.name, '/') != nil) error(Ebadchar); + if(strlen(d.name) >= sizeof(up->genbuf)) + error(Egreg); kstrdup(&sp->name, d.name); } qunlock(&srvlk); |