From cbcf8eee8a527134317f5665684c45a0bcbcb04b Mon Sep 17 00:00:00 2001
From: fvdl <fvdl@NetBSD.org>
Date: Sat, 24 Jun 1995 18:47:08 +0000
Subject: [PATCH] Check for invalid filedescriptors in getmsg() and putmsg().

---
 sys/compat/svr4/svr4_stream.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/sys/compat/svr4/svr4_stream.c b/sys/compat/svr4/svr4_stream.c
index c92db2a2780e..67caed334fba 100644
--- a/sys/compat/svr4/svr4_stream.c
+++ b/sys/compat/svr4/svr4_stream.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: svr4_stream.c,v 1.5 1995/03/31 03:06:39 christos Exp $	 */
+/*	$NetBSD: svr4_stream.c,v 1.6 1995/06/24 18:47:08 fvdl Exp $	 */
 
 /*
  * Copyright (c) 1994 Christos Zoulas
@@ -641,7 +641,7 @@ svr4_putmsg(p, uap, retval)
 	register_t				*retval;
 {
 	struct filedesc	*fdp = p->p_fd;
-	struct file	*fp = fdp->fd_ofiles[SCARG(uap, fd)];
+	struct file	*fp;
 	struct svr4_strbuf dat, ctl;
 	struct svr4_strmcmd sc;
 	struct svr4_netaddr *na;
@@ -656,6 +656,10 @@ svr4_putmsg(p, uap, retval)
 		     SCARG(uap, dat), SCARG(uap, flags));
 #endif /* DEBUG_SVR4 */
 
+	if ((u_int)SCARG(uap, fd) >= fdp->fd_nfiles ||
+	    (fp = fdp->fd_ofiles[SCARG(uap, fd)]) == NULL)
+		return EBADF;
+
 	if (SCARG(uap, ctl) != NULL) {
 		if ((error = copyin(SCARG(uap, ctl), &ctl, sizeof(ctl))) != 0)
 			return error;
@@ -754,7 +758,7 @@ svr4_getmsg(p, uap, retval)
 	register_t				*retval;
 {
 	struct filedesc	*fdp = p->p_fd;
-	struct file	*fp = fdp->fd_ofiles[SCARG(uap, fd)];
+	struct file	*fp;
 	struct getpeername_args ga;
 	struct svr4_strbuf dat, ctl;
 	struct svr4_strmcmd sc;
@@ -776,6 +780,10 @@ svr4_getmsg(p, uap, retval)
 		     SCARG(uap, dat), 0);
 #endif /* DEBUG_SVR4 */
 			
+	if ((u_int)SCARG(uap, fd) >= fdp->fd_nfiles ||
+	    (fp = fdp->fd_ofiles[SCARG(uap, fd)]) == NULL)
+		return EBADF;
+
 	if (SCARG(uap, ctl) != NULL) {
 		if ((error = copyin(SCARG(uap, ctl), &ctl, sizeof(ctl))) != 0)
 			return error;