ref: 74e56dbf3584ec61637d31618e171a18058f0946
parent: c8c97919b2b89a8eb5a7d52b03bfb8a634098faf
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Jan 15 14:42:10 EST 2023
devsd: fix wrong range check for subunit number
--- a/sys/src/9/port/devsd.c
+++ b/sys/src/9/port/devsd.c
@@ -271,6 +271,9 @@
SDunit *unit;
char buf[32];
+ if(subno < 0 || subno >= sdev->nunit)
+ return nil;
+
/*
* Associate a unit with a given device and sub-unit
* number on that device.
@@ -278,11 +281,6 @@
* successfully accessed.
*/
qlock(&sdev->unitlock);
- if(subno > sdev->nunit){- qunlock(&sdev->unitlock);
- return nil;
- }
-
unit = sdev->unit[subno];
if(unit == nil){/*
@@ -313,7 +311,7 @@
* called before the unit is made available in the
* sdunit[] array.
*/
- if(sdev->enabled == 0 || unit->dev->ifc->verify(unit) == 0){+ if(sdev->enabled == 0 || sdev->ifc->verify(unit) == 0){poperror();
Error:
qunlock(&sdev->unitlock);
@@ -544,11 +542,10 @@
incref(&sdev->r);
qunlock(&devslock);
- if((unit = sdev->unit[s]) == nil)
- if((unit = sdgetunit(sdev, s)) == nil){- decref(&sdev->r);
- return 0;
- }
+ if((unit = sdgetunit(sdev, s)) == nil){+ decref(&sdev->r);
+ return 0;
+ }
mkqid(&q, QID(sdev->idno, s, 0, Qunitdir), 0, QTDIR);
if(emptystr(unit->user))
@@ -1633,8 +1630,8 @@
if(sdev->enabled && sdev->ifc->disable)
sdev->ifc->disable(sdev);
- for(i = 0; i != sdev->nunit; i++){- if(unit = sdev->unit[i]){+ for(i = 0; i < sdev->nunit; i++){+ if((unit = sdev->unit[i]) != nil){free(unit->name);
free(unit->user);
free(unit);