[src/netbsd-3-0]: src/sys/netiso Pull up following revision(s) (requested by ...

[bouyer <bouyer%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/417f41d8588a
branches:  netbsd-3-0
changeset: 579351:417f41d8588a
user:      bouyer <bouyer%NetBSD.org@localhost>
date:      Fri Nov 24 21:46:07 2006 +0000

description:
Pull up following revision(s) (requested by is in ticket #1593):
        sys/netiso/esis.c: revision 1.42
Check parameters to avoid potential panic root user.
Patch checked by chopps@.

diffstat:

 sys/netiso/esis.c |  14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

diffs (35 lines):

diff -r 70fe6c513249 -r 417f41d8588a sys/netiso/esis.c
--- a/sys/netiso/esis.c Fri Nov 24 21:39:02 2006 +0000
+++ b/sys/netiso/esis.c Fri Nov 24 21:46:07 2006 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: esis.c,v 1.33 2005/02/26 22:39:49 perry Exp $  */
+/*     $NetBSD: esis.c,v 1.33.4.1 2006/11/24 21:46:07 bouyer Exp $     */
 
 /*-
  * Copyright (c) 1991, 1993
@@ -59,7 +59,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: esis.c,v 1.33 2005/02/26 22:39:49 perry Exp $");
+__KERNEL_RCSID(0, "$NetBSD: esis.c,v 1.33.4.1 2006/11/24 21:46:07 bouyer Exp $");
 
 #include "opt_iso.h"
 #ifdef ISO
@@ -1106,6 +1106,16 @@
        sdl = va_arg(ap, struct sockaddr_dl *);
        va_end(ap);
 
+       /* we assume here we have a sockaddr_dl ... check it */
+       if (sdl->sdl_family != AF_LINK) {
+               error = EINVAL;
+               goto release;
+       }
+       if (sdl->sdl_len < 8 + sdl->sdl_nlen + sdl->sdl_alen + sdl->sdl_slen) {
+               error = EINVAL;
+               goto release;
+       }
+
        ifa = ifa_ifwithnet((struct sockaddr *) sdl);   /* get ifp from sdl */
        if (ifa == 0) {
 #ifdef ARGO_DEBUG