Date: Wed, 5 Feb 2020 16:09:44 +0000 (UTC)
From: Mark Johnston <markj@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r357575 - head/lib/libc/net
Message-ID: <202002051609.015G9iGF027876@repo.freebsd.org>
Author: markj Date: Wed Feb 5 16:09:44 2020 New Revision: 357575 URL: https://svnweb.freebsd.org/changeset/base/357575 Log: Improve validation of the sockaddr length in iruserok_sa(). Negative numbers are not valid sockaddr lengths. PR: 243747 Submitted by: Andrew Reiter <areiter@veracode.com> MFC after: 1 week Modified: head/lib/libc/net/rcmd.c Modified: head/lib/libc/net/rcmd.c ============================================================================== --- head/lib/libc/net/rcmd.c Wed Feb 5 16:09:21 2020 (r357574) +++ head/lib/libc/net/rcmd.c Wed Feb 5 16:09:44 2020 (r357575) @@ -438,8 +438,8 @@ iruserok_sa(const void *ra, int rlen, int superuser, c struct sockaddr_storage ss; /* avoid alignment issue */ - if (rlen > sizeof(ss)) - return(-1); + if (rlen <= 0 || rlen > sizeof(ss)) + return (-1); memcpy(&ss, ra, rlen); raddr = (struct sockaddr *)&ss;
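Review bot: The lower bound in `if (rlen <= 0 || rlen > sizeof(ss))` still admits lengths shorter than a sockaddr header, so after `memcpy(&ss, ra, rlen)` the remainder of `ss`, which is declared without an initializer, is uninitialized stack data when it is read through `raddr`. Consider requiring at least `sizeof(struct sockaddr)` here, or zeroing `ss` before the copy. Separately, the upper-bound test compares the `int` parameter `rlen` against a `size_t`; writing it as `(size_t)rlen > sizeof(ss)` after the sign check makes the conversion explicit rather than implicit.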