From 3198cef8ccf0d9cb9a7479c0b973e604e21e62fc Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Fri, 30 Mar 2012 19:41:17 +0100 Subject: [PATCH] afs: Handle reading past the end of a file ... except that this change doesn't actually handle this, it just stops clang from throwing an error about the bogus code that's already in there. This needs fixed properly ... Change-Id: Ifbf190a86037fced8104ed0843dd1e7aa0b999a7 Reviewed-on: http://gerrit.openafs.org/7090 Tested-by: BuildBot Reviewed-by: Derrick Brashear --- src/afs/VNOPS/afs_vnop_read.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/afs/VNOPS/afs_vnop_read.c b/src/afs/VNOPS/afs_vnop_read.c index 1028e379f1..56179e9f68 100644 --- a/src/afs/VNOPS/afs_vnop_read.c +++ b/src/afs/VNOPS/afs_vnop_read.c @@ -48,7 +48,8 @@ afs_read(struct vcache *avc, struct uio *auio, afs_ucred_t *acred, afs_size_t totalLength; afs_size_t transferLength; afs_size_t filePos; - afs_size_t offset, len, tlen; + afs_size_t offset, tlen; + afs_size_t len = 0; afs_int32 trimlen; struct dcache *tdc = 0; afs_int32 error, trybusy = 1; @@ -108,6 +109,16 @@ afs_read(struct vcache *avc, struct uio *auio, afs_ucred_t *acred, * Locks held: * avc->lock(R) */ + + /* This bit is bogus. We're checking to see if the read goes past the + * end of the file. If so, we should be zeroing out all of the buffers + * that the client has passed into us (there is a danger that we may leak + * kernel memory if we do not). However, this behaviour is disabled by + * not setting len before this segment runs, and by setting len to 0 + * immediately we enter it. In addition, we also need to check for a read + * which partially goes off the end of the file in the while loop below. + */ + if (filePos >= avc->f.m.Length) { if (len > AFS_ZEROS) len = sizeof(afs_zeros); /* and in 0 buffer */