From: Oliver Kurth Date: Fri, 15 Sep 2017 18:23:01 +0000 (-0700) Subject: Hgfs Server: write ops clean up for security fixes X-Git-Tag: stable-10.2.0~560 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=357d2011d6221c5ade35d6b4a71c63192df1ce68;p=thirdparty%2Fopen-vm-tools.git Hgfs Server: write ops clean up for security fixes Very minor write ops clean up for security fixes which renames the arguments and local variables to be more consistent. This is in preparation for moving some of the common argument checks into a common routine and enhancing the checks to verify the write data size and buffer. --- diff --git a/open-vm-tools/lib/hgfsServer/hgfsServerInt.h b/open-vm-tools/lib/hgfsServer/hgfsServerInt.h index 51dc860e0..7dd709ffd 100644 --- a/open-vm-tools/lib/hgfsServer/hgfsServerInt.h +++ b/open-vm-tools/lib/hgfsServer/hgfsServerInt.h @@ -750,11 +750,11 @@ HgfsPlatformReadFile(fileDesc readFile, // IN: file descriptor HgfsInternalStatus HgfsPlatformWriteFile(HgfsHandle file, // IN: Hgfs file handle HgfsSessionInfo *session, // IN: session info - uint64 offset, // IN: file offset to write to - uint32 requiredSize, // IN: length of data to write - HgfsWriteFlags flags, // IN: write flags - const void *payload, // IN: data to be written - uint32 *actualSize); // OUT: actual length written + uint64 writeOffset, // IN: file offset to write to + uint32 writeDataSize, // IN: length of data to write + HgfsWriteFlags writeFlags, // IN: write flags + const void *writeData, // IN: data to be written + uint32 *writtenSize); // OUT: byte length written HgfsInternalStatus HgfsPlatformWriteWin32Stream(HgfsHandle file, // IN: packet header char *dataToWrite, // IN: data to write diff --git a/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c b/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c index 11496f165..9c6ec1e75 100644 --- a/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c +++ b/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c @@ -4242,38 +4242,38 @@ HgfsPlatformReadFile(fileDesc file, // IN: file descriptor HgfsInternalStatus HgfsPlatformWriteFile(HgfsHandle file, // IN: Hgfs file handle HgfsSessionInfo *session, // IN: session info - uint64 offset, // IN: file offset to write to - uint32 requiredSize, // IN: length of data to write - HgfsWriteFlags flags, // IN: write flags - const void *payload, // IN: data to be written - uint32 *actualSize) // OUT: actual length written + uint64 writeOffset, // IN: file offset to write to + uint32 writeDataSize, // IN: length of data to write + HgfsWriteFlags writeFlags, // IN: write flags + const void *writeData, // IN: data to be written + uint32 *writtenSize) // OUT: actual length written { HgfsInternalStatus status; - int fd; + int writeFd; int error = 0; - Bool sequentialOpen; + Bool writeSequential; - LOG(4, ("%s: write fh %u, offset %"FMT64"u, count %u\n", - __FUNCTION__, file, offset, requiredSize)); + LOG(4, ("%s: write fh %u offset %"FMT64"u, count %u\n", + __FUNCTION__, file, writeOffset, writeDataSize)); /* Get the file desriptor from the cache */ status = HgfsPlatformGetFd(file, session, - ((flags & HGFS_WRITE_APPEND) ? TRUE : FALSE), - &fd); + ((writeFlags & HGFS_WRITE_APPEND) ? TRUE : FALSE), + &writeFd); if (status != 0) { LOG(4, ("%s: Could not get file descriptor\n", __FUNCTION__)); return status; } - if (!HgfsHandleIsSequentialOpen(file, session, &sequentialOpen)) { + if (!HgfsHandleIsSequentialOpen(file, session, &writeSequential)) { LOG(4, ("%s: Could not get sequential open status\n", __FUNCTION__)); return EBADF; } #if !defined(sun) - if (!sequentialOpen) { - status = HgfsWriteCheckIORange(offset, requiredSize); + if (!writeSequential) { + status = HgfsWriteCheckIORange(writeOffset, writeDataSize); if (status != 0) { return status; } @@ -4282,25 +4282,25 @@ HgfsPlatformWriteFile(HgfsHandle file, // IN: Hgfs file handle #if defined(__linux__) /* Write to the file. */ - if (sequentialOpen) { - error = write(fd, payload, requiredSize); + if (writeSequential) { + error = write(writeFd, writeData, writeDataSize); } else { - error = pwrite(fd, payload, requiredSize, offset); + error = pwrite(writeFd, writeData, writeDataSize, writeOffset); } #elif defined(__APPLE__) { - Bool appendMode; + Bool writeAppend; - if (!HgfsHandle2AppendFlag(file, session, &appendMode)) { + if (!HgfsHandle2AppendFlag(file, session, &writeAppend)) { LOG(4, ("%s: Could not get append mode\n", __FUNCTION__)); return EBADF; } /* Write to the file. */ - if (sequentialOpen || appendMode) { - error = write(fd, payload, requiredSize); + if (writeSequential || writeAppend) { + error = write(writeFd, writeData, writeDataSize); } else { - error = pwrite(fd, payload, requiredSize, offset); + error = pwrite(writeFd, writeData, writeDataSize, writeOffset); } } #else @@ -4310,27 +4310,27 @@ HgfsPlatformWriteFile(HgfsHandle file, // IN: Hgfs file handle */ MXUser_AcquireExclLock(session->fileIOLock); - if (!sequentialOpen) { + if (!writeSequential) { # ifdef linux { uint64 res; # if !defined(VM_X86_64) - error = _llseek(fd, offset >> 32, offset & 0xFFFFFFFF, &res, 0); + error = _llseek(writeFd, writeOffset >> 32, writeOffset & 0xFFFFFFFF, &res, 0); # else - error = llseek(fd, offset >> 32, offset & 0xFFFFFFFF, &res, 0); + error = llseek(writeFd, writeOffset >> 32, writeOffset & 0xFFFFFFFF, &res, 0); # endif } # else - error = lseek(fd, offset, 0); + error = lseek(writeFd, writeOffset, 0); # endif } if (error < 0) { LOG(4, ("%s: could not seek to %"FMT64"u: %s\n", __FUNCTION__, - offset, strerror(errno))); + writeOffset, strerror(errno))); } else { - error = write(fd, payload, requiredSize); + error = write(writeFd, writeData, writeDataSize); } { int savedErr = errno; @@ -4344,8 +4344,8 @@ HgfsPlatformWriteFile(HgfsHandle file, // IN: Hgfs file handle LOG(4, ("%s: error writing to file: %s\n", __FUNCTION__, strerror(status))); } else { - LOG(4, ("%s: wrote %d bytes\n", __FUNCTION__, error)); - *actualSize = error; + *writtenSize = error; + LOG(4, ("%s: wrote %d bytes\n", __FUNCTION__, *writtenSize)); } return status; }