Date: Fri, 9 Mar 2012 21:31:13 +0000 (UTC)
From: Peter Holm <pho@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r232750 - head/sys/kern
Message-ID: <201203092131.q29LVDBa026111@svn.freebsd.org>
Author: pho Date: Fri Mar 9 21:31:12 2012 New Revision: 232750 URL: http://svn.freebsd.org/changeset/base/232750 Log: Perform the parameter validation before assigning it to a signed int variable. This fixes the problem seen with readdir(3) fuzzing. Submitted by: bde MFC after: 1 week Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Fri Mar 9 21:02:39 2012 (r232749) +++ head/sys/kern/vfs_syscalls.c Fri Mar 9 21:31:12 2012 (r232750) @@ -4153,9 +4153,9 @@ kern_getdirentries(struct thread *td, in int error, eofflag; AUDIT_ARG_FD(fd); - auio.uio_resid = count; - if (auio.uio_resid > IOSIZE_MAX) + if (count > IOSIZE_MAX) return (EINVAL); + auio.uio_resid = count; if ((error = getvnode(td->td_proc->p_fd, fd, CAP_READ | CAP_SEEK, &fp)) != 0) return (error);
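Review bot: the reordered check `if (count > IOSIZE_MAX)` in kern_getdirentries() has no comment saying why it must run before `auio.uio_resid = count;`, so a later cleanup could quietly restore the old order. The log gives the reason: the value has to be validated before it is stored in a signed variable, since an oversized `count` can otherwise turn negative and pass a `> IOSIZE_MAX` test. A one-line comment above the check would record that. The comparison is also only as good as the declared type of `count`, which this hunk does not show (the signature is cut off at `in`), so confirm it is an unsigned type there. The log mentions readdir(3) fuzzing but names no test case; a regression test that calls in with an oversized count and expects EINVAL would keep this fixed.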