[src/trunk]: src/sys/dev/ic Reject negative indices from userland.

[riastradh <riastradh%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/e7b54c3e76a7
branches:  trunk
changeset: 825698:e7b54c3e76a7
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Fri Jul 28 14:49:55 2017 +0000

description:
Reject negative indices from userland.

>From Ilja Van Sprundel.

diffstat:

 sys/dev/ic/ciss.c |  10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diffs (42 lines):

diff -r 29f401c8d836 -r e7b54c3e76a7 sys/dev/ic/ciss.c
--- a/sys/dev/ic/ciss.c Fri Jul 28 14:45:59 2017 +0000
+++ b/sys/dev/ic/ciss.c Fri Jul 28 14:49:55 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ciss.c,v 1.36 2016/07/14 04:00:45 msaitoh Exp $        */
+/*     $NetBSD: ciss.c,v 1.37 2017/07/28 14:49:55 riastradh Exp $      */
 /*     $OpenBSD: ciss.c,v 1.68 2013/05/30 16:15:02 deraadt Exp $       */
 
 /*
@@ -19,7 +19,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ciss.c,v 1.36 2016/07/14 04:00:45 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ciss.c,v 1.37 2017/07/28 14:49:55 riastradh Exp $");
 
 #include "bio.h"
 
@@ -1299,12 +1299,12 @@
                /* FALLTHROUGH */
        case BIOCDISK:
                bd = (struct bioc_disk *)addr;
-               if (bd->bd_volid > sc->maxunits) {
+               if (bd->bd_volid < 0 || bd->bd_volid > sc->maxunits) {
                        error = EINVAL;
                        break;
                }
                ldp = sc->sc_lds[0];
-               if (!ldp || (pd = bd->bd_diskid) > ldp->ndrives) {
+               if (!ldp || (pd = bd->bd_diskid) < 0 || pd > ldp->ndrives) {
                        error = EINVAL;
                        break;
                }
@@ -1405,7 +1405,7 @@
        int error = 0;
        u_int blks;
 
-       if (bv->bv_volid > sc->maxunits) {
+       if (bv->bv_volid < 0 || bv->bv_volid > sc->maxunits) {
                return EINVAL;
        }
        ldp = sc->sc_lds[bv->bv_volid];