diff options
Diffstat (limited to 'src/kernel/vfs')
| -rw-r--r-- | src/kernel/vfs/request.h | 4 | ||||
| -rw-r--r-- | src/kernel/vfs/root.c | 19 |
2 files changed, 7 insertions, 16 deletions
diff --git a/src/kernel/vfs/request.h b/src/kernel/vfs/request.h index 37b8c3a..151a066 100644 --- a/src/kernel/vfs/request.h +++ b/src/kernel/vfs/request.h @@ -26,11 +26,11 @@ struct vfs_request { char __user *buf; char *buf_kern; }; - int len; + size_t len; } input; struct { char __user *buf; - int len; + size_t len; } output; int id; // handle.file.id diff --git a/src/kernel/vfs/root.c b/src/kernel/vfs/root.c index 2529b02..14f9a01 100644 --- a/src/kernel/vfs/root.c +++ b/src/kernel/vfs/root.c @@ -21,36 +21,28 @@ enum { }; static bool exacteq(struct vfs_request *req, const char *str) { - int len = strlen(str); + size_t len = strlen(str); assert(req->input.kern); return req->input.len == len && !memcmp(req->input.buf_kern, str, len); } /* truncates the length */ -static void req_preprocess(struct vfs_request *req, int max_len) { - // max_len is signed because req->*.len are signed too - // potential place for VULNs to occur - arbitrary kernel reads etc +static void req_preprocess(struct vfs_request *req, size_t max_len) { if (req->offset < 0) { // TODO negative offsets req->offset = 0; } - if (req->offset >= max_len) { + if (req->offset >= capped_cast32(max_len)) { req->input.len = 0; req->output.len = 0; req->offset = max_len; return; } - if (req->input.len < 0) req->input.len = 0; - if (req->output.len < 0) req->output.len = 0; - req->input.len = min(req->input.len, max_len - req->offset); req->output.len = min(req->output.len, max_len - req->offset); - assert(req->input.len >= 0); - assert(req->output.len >= 0); - assert(req->input.len + req->offset <= max_len); assert(req->input.len + req->offset <= max_len); } @@ -84,7 +76,6 @@ static int handle(struct vfs_request *req, bool *ready) { "com1\0" "ps2\0" "ata/"; - if (req->output.len < 0) return 0; // is this needed? TODO make that a size_t or something int len = min((size_t) req->output.len, sizeof(src)); virt_cpy_to(req->caller->pages, req->output.buf, src, len); return len; @@ -106,7 +97,7 @@ static int handle(struct vfs_request *req, bool *ready) { req->caller->waits4irq.ready = serial_ready; return -1; } - uint8_t buf[16]; + char buf[16]; size_t len = serial_read(buf, min(req->output.len, sizeof buf)); virt_cpy_to(req->caller->pages, req->output.buf, buf, len); return len; @@ -146,7 +137,7 @@ static int handle(struct vfs_request *req, bool *ready) { if (req->offset < 0) return 0; char buf[512]; uint32_t sector = req->offset / 512; - int len = min(req->output.len, 512 - (req->offset & 511)); + size_t len = min(req->output.len, 512 - ((size_t)req->offset & 511)); ata_read(req->id - HANDLE_ATA, sector, buf); virt_cpy_to(req->caller->pages, req->output.buf, buf, len); return len; |