[src/trunk]: src/sys/coda bound check the vi.in_size in venus_ioctl()

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/coda bound check the vi.in_size in venus_ioctl()
From: jdolecek <jdolecek%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 09:35:37 +0000

details:   https://anonhg.NetBSD.org/src/rev/77b6ffac143e
branches:  trunk
changeset: 513615:77b6ffac143e
user:      jdolecek <jdolecek%NetBSD.org@localhost>
date:      Sun Aug 05 11:22:33 2001 +0000

description:
bound check the vi.in_size in venus_ioctl()

diffstat:

 sys/coda/coda_venus.c |  5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diffs (19 lines):

diff -r 93cd966a385f -r 77b6ffac143e sys/coda/coda_venus.c
--- a/sys/coda/coda_venus.c     Sun Aug 05 11:20:13 2001 +0000
+++ b/sys/coda/coda_venus.c     Sun Aug 05 11:22:33 2001 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: coda_venus.c,v 1.8 2001/07/18 16:12:31 thorpej Exp $   */
+/*     $NetBSD: coda_venus.c,v 1.9 2001/08/05 11:22:33 jdolecek Exp $  */
 
 /*
  * 
@@ -266,6 +266,9 @@
     tmp = ((com >> 16) & IOCPARM_MASK) - sizeof (char *) - sizeof (int);
     inp->cmd |= (tmp & IOCPARM_MASK) <<        16;
 
+    if (iap->vi.in_size < 0 || iap->vi.in_size > VC_MAXMSGSIZE)
+       return (EINVAL);
+
     inp->rwflag = flag;
     inp->len = iap->vi.in_size;
     inp->data = (char *)(sizeof (struct coda_ioctl_in));

Prev by Date: [src/trunk]: src/sys/arch/m68k/include If = is in a constraint, it must be th...
Next by Date: [src/trunk]: src/sys use unsigned variable types as appropriate
Previous by Thread: [src/trunk]: src/sys/arch/m68k/include If = is in a constraint, it must be th...
Next by Thread: [src/trunk]: src/sys use unsigned variable types as appropriate
Indexes:

Home | Main Index | Thread Index | Old Index