Fixed bug while copying args in mount that may cause a crash.

Types changes and so.

diff --git a/sys/miscfs/umapfs/umap.h b/sys/miscfs/umapfs/umap.h
index 955d209..07ffa6b 100644 (file)
--- a/sys/miscfs/umapfs/umap.h
+++ b/sys/miscfs/umapfs/umap.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: umap.h,v 1.4 1996/03/02 00:08:02 niklas Exp $ */
+/*     $OpenBSD: umap.h,v 1.5 1996/03/25 18:02:55 mickey Exp $ */
 /*     $NetBSD: umap.h,v 1.6 1996/02/09 22:41:00 christos Exp $        */
 
 /*
@@ -40,27 +40,30 @@
  *     @(#)umap.h      8.3 (Berkeley) 1/21/94
  */
 
-#define MAPFILEENTRIES 64
+#define UMAPFILEENTRIES 64
 #define GMAPFILEENTRIES 16
 #define NOBODY 32767
 #define NULLGROUP 65534
 
+typedef        u_int32_t       id_t;
+typedef        id_t            (*id_map_t)[2];
+
 struct umap_args {
-       char            *target;        /* Target of loopback  */
-       int             nentries;       /* # of entries in user map array */
-       int             gnentries;      /* # of entries in group map array */
-       u_long          (*mapdata)[2];  /* pointer to array of user mappings */
-       u_long          (*gmapdata)[2]; /* pointer to array of group mappings */
+       char    *target;        /* Target of loopback  */
+       int     unentries;      /* # of entries in user map array */
+       int     gnentries;      /* # of entries in group map array */
+       id_map_t umapdata;      /* pointer to array of user mappings */
+       id_map_t gmapdata;      /* pointer to array of group mappings */
 };
 
 struct umap_mount {
        struct mount    *umapm_vfs;
        struct vnode    *umapm_rootvp;  /* Reference to root umap_node */
-       int             info_nentries;  /* number of uid mappings */
+       int             info_unentries; /* number of uid mappings */
        int             info_gnentries; /* number of gid mappings */
-       u_long          info_mapdata[MAPFILEENTRIES][2]; /* mapping data for 
+       id_t            info_umapdata[UMAPFILEENTRIES][2]; /* mapping data for 
            user mapping in ficus */
-       u_long          info_gmapdata[GMAPFILEENTRIES][2]; /*mapping data for 
+       id_t            info_gmapdata[GMAPFILEENTRIES][2]; /*mapping data for 
            group mapping in ficus */
 };
 
@@ -74,9 +77,9 @@ struct umap_node {
        struct vnode    *umap_vnode;    /* Back pointer to vnode/umap_node */
 };
 
-extern int umap_node_create __P((struct mount *mp, struct vnode *target, struct vnode **vpp));
-extern u_long umap_reverse_findid __P((u_long id, u_long map[][2], int nentries));
-extern void umap_mapids __P((struct mount *v_mount, struct ucred *credp));
+extern int     umap_node_create __P((struct mount *mp, struct vnode *target, struct vnode **vpp));
+extern id_t    umap_reverse_findid __P((id_t id, id_map_t, int nentries));
+extern void    umap_mapids __P((struct mount *v_mount, struct ucred *credp));
 
 #define        MOUNTTOUMAPMOUNT(mp) ((struct umap_mount *)((mp)->mnt_data))
 #define        VTOUMAP(vp) ((struct umap_node *)(vp)->v_data)

diff --git a/sys/miscfs/umapfs/umap_subr.c b/sys/miscfs/umapfs/umap_subr.c
index 45f555e..744785e 100644 (file)
--- a/sys/miscfs/umapfs/umap_subr.c
+++ b/sys/miscfs/umapfs/umap_subr.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: umap_subr.c,v 1.5 1996/03/19 21:10:42 mickey Exp $    */
+/*     $OpenBSD: umap_subr.c,v 1.6 1996/03/25 18:02:56 mickey Exp $    */
 /*     $NetBSD: umap_subr.c,v 1.7 1996/02/09 22:41:02 christos Exp $   */
 
 /*
@@ -67,7 +67,7 @@
 LIST_HEAD(umap_node_hashhead, umap_node) *umap_node_hashtbl;
 u_long umap_node_hash;
 
-static u_long umap_findid __P((u_long, u_long [][2], int));
+static id_t umap_findid __P((id_t, id_map_t, int));
 static struct vnode *umap_node_find __P((struct mount *, struct vnode *));
 static int umap_node_alloc __P((struct mount *, struct vnode *,
                                struct vnode **));
@@ -89,15 +89,15 @@ umapfs_init()
  * umap_findid is called by various routines in umap_vnodeops.c to
  * find a user or group id in a map.
  */
-static u_long
+static id_t
 umap_findid(id, map, nentries)
-       u_long id;
-       u_long map[][2];
-       int nentries;
+       id_t    id;
+       id_map_t map;
+       int     nentries;
 {
        int i;
 
-       /* Find uid entry in map */
+       /* Find {g,u}id entry in map */
        i = 0;
        while ((i<nentries) && ((map[i][0]) != id))
                i++;
@@ -113,11 +113,11 @@ umap_findid(id, map, nentries)
  * umap_reverse_findid is called by umap_getattr() in umap_vnodeops.c to
  * find a user or group id in a map, in reverse.
  */
-u_long
+id_t
 umap_reverse_findid(id, map, nentries)
-       u_long id;
-       u_long map[][2];
-       int nentries;
+       id_t    id;
+       id_map_t map;
+       int     nentries;
 {
        int i;
 
@@ -396,18 +396,18 @@ umap_mapids(v_mount, credp)
        struct mount *v_mount;
        struct ucred *credp;
 {
-       int i, unentries, gnentries;
-       uid_t uid;
-       gid_t gid;
-       u_long (*usermap)[2], (*groupmap)[2];
+       int     i, unentries, gnentries;
+       uid_t   uid;
+       gid_t   gid;
+       id_map_t usermap, groupmap;
 
        if (credp == NOCRED)
                return;
 
-       unentries =  MOUNTTOUMAPMOUNT(v_mount)->info_nentries;
-       usermap =  MOUNTTOUMAPMOUNT(v_mount)->info_mapdata;
+       unentries =  MOUNTTOUMAPMOUNT(v_mount)->info_unentries;
+       usermap   =  MOUNTTOUMAPMOUNT(v_mount)->info_umapdata;
        gnentries =  MOUNTTOUMAPMOUNT(v_mount)->info_gnentries;
-       groupmap =  MOUNTTOUMAPMOUNT(v_mount)->info_gmapdata;
+       groupmap  =  MOUNTTOUMAPMOUNT(v_mount)->info_gmapdata;
 
        /* Find uid entry in map */
 

diff --git a/sys/miscfs/umapfs/umap_vfsops.c b/sys/miscfs/umapfs/umap_vfsops.c
index e12c7fb..cfc47b3 100644 (file)
--- a/sys/miscfs/umapfs/umap_vfsops.c
+++ b/sys/miscfs/umapfs/umap_vfsops.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: umap_vfsops.c,v 1.4 1996/03/19 21:10:43 mickey Exp $  */
+/*     $OpenBSD: umap_vfsops.c,v 1.5 1996/03/25 18:02:57 mickey Exp $  */
 /*     $NetBSD: umap_vfsops.c,v 1.9 1996/02/09 22:41:05 christos Exp $ */
 
 /*
@@ -85,7 +85,7 @@ umapfs_mount(mp, path, data, ndp, p)
        struct vnode *umapm_rootvp;
        struct umap_mount *amp;
        size_t size;
-       int error,i;
+       int     error,i;
 
 #ifdef UMAPFS_DIAGNOSTIC
        printf("umapfs_mount(mp = %x)\n", mp);
@@ -144,22 +144,22 @@ umapfs_mount(mp, path, data, ndp, p)
        /* 
         * Now copy in the number of entries and maps for umap mapping.
         */
-       amp->info_nentries = args.nentries;
+       amp->info_unentries = args.unentries;
        amp->info_gnentries = args.gnentries;
-       error = copyin(args.mapdata, (caddr_t)amp->info_mapdata, 
-           2*sizeof(u_long)*args.nentries);
+       error = copyin(args.umapdata, (caddr_t)amp->info_umapdata, 
+           2*sizeof(**amp->info_umapdata)*args.unentries);
        if (error)
                return (error);
 
 #ifdef UMAPFS_DIAGNOSTIC
-       printf("umap_mount:nentries %d\n",args.nentries);
+       printf("umap_mount:unentries %d\n",args.unentries);
        for (i = 0; i < args.nentries; i++)
-               printf("   %d maps to %d\n", amp->info_mapdata[i][0],
-                   amp->info_mapdata[i][1]);
+               printf("   %d maps to %d\n", amp->info_umapdata[i][0],
+                   amp->info_umapdata[i][1]);
 #endif
 
        error = copyin(args.gmapdata, (caddr_t)amp->info_gmapdata, 
-           2*sizeof(u_long)*args.nentries);
+           2*sizeof(**amp->info_gmapdata)*args.gnentries);
        if (error)
                return (error);
 

diff --git a/sys/miscfs/umapfs/umap_vnops.c b/sys/miscfs/umapfs/umap_vnops.c
index 849cfb8..bc5a089 100644 (file)
--- a/sys/miscfs/umapfs/umap_vnops.c
+++ b/sys/miscfs/umapfs/umap_vnops.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: umap_vnops.c,v 1.3 1996/02/29 13:08:07 niklas Exp $   */
+/*     $OpenBSD: umap_vnops.c,v 1.4 1996/03/25 18:02:58 mickey Exp $   */
 /*     $NetBSD: umap_vnops.c,v 1.5 1996/02/09 22:41:06 christos Exp $  */
 
 /*
@@ -304,13 +304,12 @@ umap_getattr(v)
                struct ucred *a_cred;
                struct proc *a_p;
        } */ *ap = v;
-       uid_t uid;
-       gid_t gid;
-       int error, tmpid, nentries, gnentries;
-       u_long (*mapdata)[2];
-       u_long (*gmapdata)[2];
-       struct vnode **vp1p;
-       struct vnodeop_desc *descp = ap->a_desc;
+       uid_t   uid;
+       gid_t   gid;
+       int     error, tmpid, unentries, gnentries;
+       id_map_t        umapdata, gmapdata;
+       struct vnode    **vp1p;
+       struct vnodeop_desc     *descp = ap->a_desc;
 
        if ((error = umap_bypass(ap)) != 0)
                return (error);
@@ -337,15 +336,15 @@ umap_getattr(v)
                    gid);
 
        vp1p = VOPARG_OFFSETTO(struct vnode**, descp->vdesc_vp_offsets[0], ap);
-       nentries =  MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_nentries;
-       mapdata =  (MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_mapdata);
+       unentries =  MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_unentries;
+       umapdata  = (MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_umapdata);
        gnentries =  MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_gnentries;
-       gmapdata =  (MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_gmapdata);
+       gmapdata  = (MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_gmapdata);
 
        /* Reverse map the uid for the vnode.  Since it's a reverse
                map, we can't use umap_mapids() to do it. */
 
-       tmpid = umap_reverse_findid(uid, mapdata, nentries);
+       tmpid = umap_reverse_findid(uid, umapdata, unentries);
 
        if (tmpid != -1) {
                ap->a_vap->va_uid = (uid_t) tmpid;
@@ -478,7 +477,7 @@ umap_rename(v)
 
        /*
         * Rename is irregular, having two componentname structures.
-        * We need to map the cre in the second structure,
+        * We need to map the cred in the second structure,
         * and then bypass takes care of the rest.
         */