From 9ead904afef8d060c2cc5cee6bd8e8d223de8c40 Mon Sep 17 00:00:00 2001
From: Xi Wang <xi@cs.washington.edu>
Date: Thu, 19 Sep 2019 10:31:04 -0700
Subject: [PATCH] fix major validation

fileread/filewrite should validate major to avoid buffer overflows
or bogus function pointers.
---
 kernel/file.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/kernel/file.c b/kernel/file.c
index fc87c09..116eb97 100644
--- a/kernel/file.c
+++ b/kernel/file.c
@@ -114,6 +114,8 @@ fileread(struct file *f, uint64 addr, int n)
   if(f->type == FD_PIPE){
     r = piperead(f->pipe, addr, n);
   } else if(f->type == FD_DEVICE){
+    if(f->major < 0 || f->major >= NDEV || !devsw[f->major].read)
+      return -1;
     r = devsw[f->major].read(1, addr, n);
   } else if(f->type == FD_INODE){
     ilock(f->ip);
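Review bot: The new guard in fileread's FD_DEVICE branch, and the identical one in filewrite's, carries no comment explaining why it is needed, so a later cleanup could mistake it for redundant and remove it. I would put a line above each check such as `// f->major indexes devsw[]: reject out-of-range values and empty slots before the indirect call`. Where f->major is assigned is not visible in this diff; if it is copied from an inode when the file is opened, rejecting a bad major there as well would fail earlier, with these use-site checks kept as the last line of defence. Both function bodies start and end outside the hunks, so any other place that indexes devsw[] by a file's major should be checked separately.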
@@ -140,6 +142,8 @@ filewrite(struct file *f, uint64 addr, int n)
   if(f->type == FD_PIPE){
     ret = pipewrite(f->pipe, addr, n);
   } else if(f->type == FD_DEVICE){
+    if(f->major < 0 || f->major >= NDEV || !devsw[f->major].write)
+      return -1;
     ret = devsw[f->major].write(1, addr, n);
   } else if(f->type == FD_INODE){
     // write a few blocks at a time to avoid exceeding