[src/trunk]: src/usr.bin/kdump Don't enter infinite loop on big ktr_len values.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/usr.bin/kdump Don't enter infinite loop on big ktr_len values.
From: alnsn <alnsn%NetBSD.org@localhost>
Date: Tue, 31 Jul 2018 20:04:24 +0000

details:   https://anonhg.NetBSD.org/src/rev/ed2cf5e97f0d
branches:  trunk
changeset: 344422:ed2cf5e97f0d
user:      alnsn <alnsn%NetBSD.org@localhost>
date:      Sun Mar 27 21:51:20 2016 +0000

description:
Don't enter infinite loop on big ktr_len values.

Fixes PR 49460.

diffstat:

 usr.bin/kdump/kdump.c |  13 +++++++------
 1 files changed, 7 insertions(+), 6 deletions(-)

diffs (55 lines):

diff -r 09cbf6e7c223 -r ed2cf5e97f0d usr.bin/kdump/kdump.c
--- a/usr.bin/kdump/kdump.c     Sun Mar 27 17:17:59 2016 +0000
+++ b/usr.bin/kdump/kdump.c     Sun Mar 27 21:51:20 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kdump.c,v 1.122 2016/01/04 08:24:42 martin Exp $       */
+/*     $NetBSD: kdump.c,v 1.123 2016/03/27 21:51:20 alnsn Exp $        */
 
 /*-
  * Copyright (c) 1988, 1993
@@ -39,7 +39,7 @@
 #if 0
 static char sccsid[] = "@(#)kdump.c    8.4 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: kdump.c,v 1.122 2016/01/04 08:24:42 martin Exp $");
+__RCSID("$NetBSD: kdump.c,v 1.123 2016/03/27 21:51:20 alnsn Exp $");
 #endif
 #endif /* not lint */
 
@@ -109,7 +109,7 @@
 static void    ktrsyscall(struct ktr_syscall *);
 static void    ktrsysret(struct ktr_sysret *, int);
 static void    ktrnamei(char *, int);
-static void    ktremul(char *, int, int);
+static void    ktremul(char *, size_t, size_t);
 static void    ktrgenio(struct ktr_genio *, int);
 static void    ktrpsig(void *, int);
 static void    ktrcsw(struct ktr_csw *);
@@ -126,7 +126,8 @@
 int
 main(int argc, char **argv)
 {
-       int ch, ktrlen, size;
+       unsigned int ktrlen, size;
+       int ch;
        void *m;
        int trpoints = 0;
        int trset = 0;
@@ -249,7 +250,7 @@
                        col = dumpheader(&ktr_header);
                else
                        col = -1;
-               if ((ktrlen = ktr_header.ktr_len) < 0)
+               if ((ktrlen = ktr_header.ktr_len) > INT_MAX)
                        errx(1, "bogus length 0x%x", ktrlen);
                if (ktrlen > size) {
                        while (ktrlen > size)
@@ -751,7 +752,7 @@
 }
 
 static void
-ktremul(char *name, int len, int bufsize)
+ktremul(char *name, size_t len, size_t bufsize)
 {
 
        if (len >= bufsize)

Prev by Date: [src/trunk]: src/tests/bin/sh/dotcmd Allow for testing other than /bin/sh usi...
Next by Date: [src/trunk]: src/tests/net/route Make outputs informative on failure
Previous by Thread: [src/trunk]: src/tests/bin/sh/dotcmd Allow for testing other than /bin/sh usi...
Next by Thread: [src/trunk]: src/tests/net/route Make outputs informative on failure
Indexes:

Home | Main Index | Thread Index | Old Index