upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 00:32:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pipe: keep uio_iovcnt consistent

Browse source 
In pipe_build_write_buffer we increment uio_iov but did not update
uio_iovcnt.  This would not cause an OOB read (thanks to to uio_resid)
but is inconsistent and could be an issue if other code changes are made
in the future.

Reported by:	Synacktiv
Reviewed by:	jhb, markj, brooks
Sponsored by:	The Alpha-Omega Project
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45999

(cherry picked from commit d8ff42e816)
This commit is contained in:
Ed Maste 2024-07-17 10:33:53 -04:00
parent 6fb0634bc4
commit cbbc8d6730
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/kern/sys_pipe.c
View file

@ -942,8 +942,10 @@ pipe_build_write_buffer(struct pipe *wpipe, struct uio *uio)
uio->uio_iov->iov_len -= size;
uio->uio_iov->iov_base = (char *)uio->uio_iov->iov_base + size;
if (uio->uio_iov->iov_len == 0)
if (uio->uio_iov->iov_len == 0) {
uio->uio_iov++;
uio->uio_iovcnt--;
}
uio->uio_resid -= size;
uio->uio_offset += size;
return (0);