From c0b6e0f5ae8831878d11646c6bd9dc4fec703029 Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Tue, 8 Sep 2009 14:31:20 -0700
Subject: [PATCH] NFS - Fix panic if the readdir base offset is beyond the directory EOF

* A calculation could cause an signed underflow into unsigned if the base offset in a getdirentries call exceeds the directory EOF offset.
---
 sys/vfs/nfs/nfs_bio.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/sys/vfs/nfs/nfs_bio.c b/sys/vfs/nfs/nfs_bio.c
index 7779e194a5..96ff2f8239 100644
--- a/sys/vfs/nfs/nfs_bio.c
+++ b/sys/vfs/nfs/nfs_bio.c
@@ -635,9 +635,15 @@ nfs_bioread(struct vnode *vp, struct uio *uio, int ioflag)
 * being VMIO ) later. So we keep track of the directory eof
 * in np->n_direofoffset and chop it off as an extra step
 * right here.
+ *
+ * NOTE: boff could already be beyond EOF.
 */
- n = szmin(uio->uio_resid,
- NFS_DIRBLKSIZ - bp->b_resid - (size_t)boff);
+ if ((size_t)boff > NFS_DIRBLKSIZ - bp->b_resid) {
+ n = 0;
+ } else {
+ n = szmin(uio->uio_resid,
+ NFS_DIRBLKSIZ - bp->b_resid - (size_t)boff);
+ }
 if (np->n_direofoffset &&
 n > (size_t)(np->n_direofoffset - uio->uio_offset)) {
 n = (size_t)(np->n_direofoffset - uio->uio_offset);
-- 
2.11.4.GIT
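Review bot: The EOF clamp that follows the new guard, `n > (size_t)(np->n_direofoffset - uio->uio_offset)`, still performs the same signed-to-unsigned conversion the commit message describes: when uio_offset is already past n_direofoffset the difference is negative, the cast yields a huge size_t, and the comparison silently passes n through unclamped. The new boff check only masks this if n_direofoffset always coincides with `block base + NFS_DIRBLKSIZ - bp->b_resid`, which the hunk does not show, so I would make the second clamp self-contained: `if (np->n_direofoffset && uio->uio_offset >= np->n_direofoffset) n = 0; else if (np->n_direofoffset && n > (size_t)(np->n_direofoffset - uio->uio_offset)) n = (size_t)(np->n_direofoffset - uio->uio_offset);`. The NOTE comment should also state that a negative boff is covered, since `(size_t)boff` of a negative value compares greater than any block remainder and likewise produces `n = 0`, e.g. `NOTE: boff could already be beyond EOF (or negative); either way n becomes 0.` nfs_bioread starts and ends outside this hunk, so I cannot confirm from here how the caller loop reacts to a zero n.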