Source-Changes-HG archive


[src/trunk]: src/sys/ufs/ufs Avoid potentially accessing an array with an ind...



details:   https://anonhg.NetBSD.org/src/rev/09436be433ef
branches:  trunk
changeset: 958123:09436be433ef
user:      nia <nia%NetBSD.org@localhost>
date:      Fri Dec 25 10:00:40 2020 +0000

description:
Avoid potentially accessing an array with an index out of range.

Reported-by: syzbot+8832f540234b996bc5a9%syzkaller.appspotmail.com@localhost
Reported-by: syzbot+0b785dd10d987350ecb3%syzkaller.appspotmail.com@localhost

diffstat:

 sys/ufs/ufs/ufs_quota1.c |  10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diffs (38 lines):

diff -r 92d7d66d80d9 -r 09436be433ef sys/ufs/ufs/ufs_quota1.c
--- a/sys/ufs/ufs/ufs_quota1.c  Fri Dec 25 09:28:56 2020 +0000
+++ b/sys/ufs/ufs/ufs_quota1.c  Fri Dec 25 10:00:40 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ufs_quota1.c,v 1.22 2016/06/20 00:52:04 dholland Exp $ */
+/*     $NetBSD: ufs_quota1.c,v 1.23 2020/12/25 10:00:40 nia Exp $      */
 
 /*
  * Copyright (c) 1982, 1986, 1990, 1993, 1995
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ufs_quota1.c,v 1.22 2016/06/20 00:52:04 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ufs_quota1.c,v 1.23 2020/12/25 10:00:40 nia Exp $");
 
 #include <sys/param.h>
 #include <sys/kernel.h>
@@ -311,6 +311,9 @@
        struct pathbuf *pb;
        struct nameidata nd;
 
+       if (type < 0 || type >= MAXQUOTAS)
+               return EINVAL;
+
        if (ump->um_flags & UFS_QUOTA2) {
                uprintf("%s: quotas v2 already enabled\n",
                    mp->mnt_stat.f_mntonname);
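
Review bot: the `type` range check added at the top of this function (line 311) is repeated verbatim in the hunk at line 421, and neither copy says which array index it protects. Consider a one-line comment naming the array that `type` indexes, and either a small shared helper or a single validation in the common caller, so that a later function taking `type` does not miss the check. Note also that the early `return EINVAL;` is silent, while the quotas v2 branch just below reports its failure with `uprintf`; if that difference is intended, say so in the comment.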
@@ -421,6 +424,9 @@
        kauth_cred_t cred;
        int i, error;
 
+       if (type < 0 || type >= MAXQUOTAS)
+               return EINVAL;
+
        mutex_enter(&dqlock);
        while ((ump->umq1_qflags[type] & (QTF_CLOSING | QTF_OPENING)) != 0)
                cv_wait(&dqcv, &dqlock);
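
Review bot: the bound in `if (type < 0 || type >= MAXQUOTAS)` at line 424 is only correct if `umq1_qflags`, indexed by `type` two lines later, is declared with `MAXQUOTAS` elements, and the visible lines do not show that declaration. Tying the limit to the array itself, for example with `__arraycount(ump->umq1_qflags)`, or adding a compile-time assertion that the two agree, would keep the check valid if the array size ever changes. Placing the check before `mutex_enter(&dqlock)` is right, since the early return then needs no unlock path.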


