kernal bug in flock

[fred at nmtvax.UUCP]

> Subject: flock panics kernel when given invalid parameter
>
> Index:	sys/sys/kern_descrip.c 4.2BSD
>
> Description:
> 	The flock system call can cause the 4.2 kernel to panic when
> 	given an invalid second parameter.  This occurs only when the
> 	file in question is already locked with LOCK_SH and a second
> 	call to flock where the second parameter does not contain any
> 	of (LOCK_UN|LOCK_EX|LOCK_SH) set.
>
> Repeat-By:
> 	The problem can be shown with:
> 		...
> 	flock(fd, LOCK_SH);
> 		...
> 	flock(fd, 0);
> 		...
>
> Fix:
> 	The following context diff of kern_descrip.c prevents the panics:
> 
> *** kern_descrip.c	Mon Apr  9 08:16:14 1984
> --- /sys/sys/kern_descrip.c	Wed Mar 28 14:35:47 1984
> ***************
> *** 405,414
>   		u.u_error = EOPNOTSUPP;
>   		return;
>   	}
> - 	if ((uap->how & (LOCK_UN|LOCK_EX|LOCK_SH){
> - 		u.u_error = EINVAL;			/* ??? */
> - 		return;
> - 	}
>   	if (uap->how & LOCK_UN) {
>   		ino_unlock(fp, FSHLOCK|FEXLOCK);
>   		return;
> --- 405,410 -----
>   		u.u_error = EOPNOTSUPP;
>   		return;
>   	}
>   	if (uap->how & LOCK_UN) {
>   		ino_unlock(fp, FSHLOCK|FEXLOCK);
>   		return;

I found that the above fix was obviously not tested by the person who
posted it. The fix had both a syntax error and a logic error.
The fix should have been:

- 	if (!(uap->how & (LOCK_UN|LOCK_EX|LOCK_SH))){
- 		u.u_error = EINVAL;			/* ??? */
- 		return;
- 	}


            Fred Romelfanger
            Computer Science Department
            New Mexico Tech

            ..!ucbvax!unmvax!nmtvax!fred    (uucp)
            ..!cmcl2!lanl-a!nmtvax!fred     (uucp)
            fred.nmt at rand-relay             (arpa)
            fred at nmt                        (CSnet)