From 383f169d4a7b378b69285f74d294ca502c0bdba3 Mon Sep 17 00:00:00 2001
From: "Andrey A. Chernov" <ache@FreeBSD.org>
Date: Tue, 21 Aug 2001 21:20:42 +0000
Subject: [PATCH] Make lseek() POSIXed: for non character special files

1) handle off_t overflow with EOVERFLOW
2) handle negative offsets with EINVAL

Reviewed by:	arch discussion
---
 sys/kern/vfs_extattr.c  | 25 ++++++++++++++++++++-----
 sys/kern/vfs_syscalls.c | 25 ++++++++++++++++++++-----
 2 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index 086fd167ae24..06f70d8706af 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -1615,29 +1615,44 @@ lseek(p, uap)
 	register struct filedesc *fdp = p->p_fd;
 	register struct file *fp;
 	struct vattr vattr;
-	int error;
+	struct vnode *vp;
+	off_t offset;
+	int error, noneg;
 
 	if ((u_int)SCARG(uap, fd) >= fdp->fd_nfiles ||
 	    (fp = fdp->fd_ofiles[SCARG(uap, fd)]) == NULL)
 		return (EBADF);
 	if (fp->f_type != DTYPE_VNODE)
 		return (ESPIPE);
+	vp = (struct vnode *)fp->f_data;
+	noneg = (vp->v_type != VCHR);
+	offset = SCARG(uap, offset);
 	switch (SCARG(uap, whence)) {
 	case L_INCR:
-		fp->f_offset += SCARG(uap, offset);
+		if (noneg &&
+		    ((offset > 0 && fp->f_offset > OFF_MAX - offset) ||
+		     (offset < 0 && fp->f_offset < OFF_MIN - offset)))
+			return (EOVERFLOW);
+		offset += fp->f_offset;
 		break;
 	case L_XTND:
-		error=VOP_GETATTR((struct vnode *)fp->f_data, &vattr, cred, p);
+		error = VOP_GETATTR(vp, &vattr, cred, p);
 		if (error)
 			return (error);
-		fp->f_offset = SCARG(uap, offset) + vattr.va_size;
+		if (noneg &&
+		    ((offset > 0 && vattr.va_size > OFF_MAX - offset) ||
+		     (offset < 0 && vattr.va_size < OFF_MIN - offset)))
+			return (EOVERFLOW);
+		offset += vattr.va_size;
 		break;
 	case L_SET:
-		fp->f_offset = SCARG(uap, offset);
 		break;
 	default:
 		return (EINVAL);
 	}
+	if (noneg && offset < 0)
+		return (EINVAL);
+	fp->f_offset = offset;
 	*(off_t *)(p->p_retval) = fp->f_offset;
 	return (0);
 }
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 086fd167ae24..06f70d8706af 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1615,29 +1615,44 @@ lseek(p, uap)
 	register struct filedesc *fdp = p->p_fd;
 	register struct file *fp;
 	struct vattr vattr;
-	int error;
+	struct vnode *vp;
+	off_t offset;
+	int error, noneg;
 
 	if ((u_int)SCARG(uap, fd) >= fdp->fd_nfiles ||
 	    (fp = fdp->fd_ofiles[SCARG(uap, fd)]) == NULL)
 		return (EBADF);
 	if (fp->f_type != DTYPE_VNODE)
 		return (ESPIPE);
+	vp = (struct vnode *)fp->f_data;
+	noneg = (vp->v_type != VCHR);
+	offset = SCARG(uap, offset);
 	switch (SCARG(uap, whence)) {
 	case L_INCR:
-		fp->f_offset += SCARG(uap, offset);
+		if (noneg &&
+		    ((offset > 0 && fp->f_offset > OFF_MAX - offset) ||
+		     (offset < 0 && fp->f_offset < OFF_MIN - offset)))
+			return (EOVERFLOW);
+		offset += fp->f_offset;
 		break;
 	case L_XTND:
-		error=VOP_GETATTR((struct vnode *)fp->f_data, &vattr, cred, p);
+		error = VOP_GETATTR(vp, &vattr, cred, p);
 		if (error)
 			return (error);
-		fp->f_offset = SCARG(uap, offset) + vattr.va_size;
+		if (noneg &&
+		    ((offset > 0 && vattr.va_size > OFF_MAX - offset) ||
+		     (offset < 0 && vattr.va_size < OFF_MIN - offset)))
+			return (EOVERFLOW);
+		offset += vattr.va_size;
 		break;
 	case L_SET:
-		fp->f_offset = SCARG(uap, offset);
 		break;
 	default:
 		return (EINVAL);
 	}
+	if (noneg && offset < 0)
+		return (EINVAL);
+	fp->f_offset = offset;
 	*(off_t *)(p->p_retval) = fp->f_offset;
 	return (0);
 }