summaryrefslogtreecommitdiff
path: root/src/kernel/vfs
diff options
context:
space:
mode:
Diffstat (limited to 'src/kernel/vfs')
-rw-r--r--src/kernel/vfs/request.c9
-rw-r--r--src/kernel/vfs/request.h2
2 files changed, 10 insertions, 1 deletions
diff --git a/src/kernel/vfs/request.c b/src/kernel/vfs/request.c
index 9c5b327..194ee49 100644
--- a/src/kernel/vfs/request.c
+++ b/src/kernel/vfs/request.c
@@ -174,6 +174,12 @@ vfsback_useraccept(VfsReq *req)
space -= len+1;
}
if (req->uin) {
+ if (space < req->uinlen && req->type == VFSOP_SETXATTR) {
+ /* don't truncate xattr values */
+ // TODO test
+ vfsreq_finish_short(req, -ERANGE);
+ return;
+ }
if (req->kin) {
/* save the address of the "second buffer" in id2,
* which should be free */
@@ -181,6 +187,9 @@ vfsback_useraccept(VfsReq *req)
res.id2 = buf;
}
+ /* intentionally overriding the prior len */
+ assert(len == 0 || req->type == VFSOP_SETXATTR);
+
len = min(req->uinlen, space);
len = pcpy_bi(handler, buf, req->caller, req->uin, len);
}
diff --git a/src/kernel/vfs/request.h b/src/kernel/vfs/request.h
index 484fdd7..fa62b35 100644
--- a/src/kernel/vfs/request.h
+++ b/src/kernel/vfs/request.h
@@ -45,7 +45,7 @@ struct VfsReq {
size_t kinlen;
/* user inputs and outputs - just point to some buffer in the caller */
- char __user *uin;
+ const char __user *uin;
size_t uinlen;
char __user *out;
size_t outlen;