Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern Limit check for 'data_len'. Otherwise a (un)privile...
details: https://anonhg.NetBSD.org/src/rev/fe9c9b3cbc48
branches: trunk
changeset: 328476:fe9c9b3cbc48
user: maxv <maxv%NetBSD.org@localhost>
date: Fri Apr 04 06:47:02 2014 +0000
description:
Limit check for 'data_len'. Otherwise a (un)privileged user can easily
panic the system by passing a huge size.
ok christos@
diffstat:
sys/kern/vfs_syscalls.c | 13 +++++++------
1 files changed, 7 insertions(+), 6 deletions(-)
diffs (41 lines):
diff -r 3212912728a6 -r fe9c9b3cbc48 sys/kern/vfs_syscalls.c
--- a/sys/kern/vfs_syscalls.c Fri Apr 04 06:25:00 2014 +0000
+++ b/sys/kern/vfs_syscalls.c Fri Apr 04 06:47:02 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: vfs_syscalls.c,v 1.477 2014/03/22 08:15:25 maxv Exp $ */
+/* $NetBSD: vfs_syscalls.c,v 1.478 2014/04/04 06:47:02 maxv Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -70,7 +70,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.477 2014/03/22 08:15:25 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.478 2014/04/04 06:47:02 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_fileassoc.h"
@@ -485,10 +485,7 @@
if (data_len == 0) {
/* No length supplied, use default for filesystem */
data_len = vfsops->vfs_min_mount_data;
- if (data_len > VFS_MAX_MOUNT_DATA) {
- error = EINVAL;
- goto done;
- }
+
/*
* Hopefully a longer buffer won't make copyin() fail.
* For compatibility with 3.0 and earlier.
@@ -497,6 +494,10 @@
&& data_len < sizeof (struct mnt_export_args30))
data_len = sizeof (struct mnt_export_args30);
}
+ if (data_len > VFS_MAX_MOUNT_DATA) {
+ error = EINVAL;
+ goto done;
+ }
data_buf = kmem_alloc(data_len, KM_SLEEP);
/* NFS needs the buffer even for mnt_getargs .... */
Home |
Main Index |
Thread Index |
Old Index