Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Jan 2017 08:25:03 +0000 (UTC)
From:      Alexander Motin <mav@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r311866 - stable/10/usr.sbin/ctld
Message-ID:  <201701100825.v0A8P38T067148@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: mav
Date: Tue Jan 10 08:25:03 2017
New Revision: 311866
URL: https://svnweb.freebsd.org/changeset/base/311866

Log:
  MFC r310633: Add MAX_LUNS overflow safety checks.
  
  While this MAX_LUNS limitation is too synthetic and should be removed,
  it is better to enforce it while it is here.

Modified:
  stable/10/usr.sbin/ctld/parse.y
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.sbin/ctld/parse.y
==============================================================================
--- stable/10/usr.sbin/ctld/parse.y	Tue Jan 10 08:23:06 2017	(r311865)
+++ stable/10/usr.sbin/ctld/parse.y	Tue Jan 10 08:25:03 2017	(r311866)
@@ -808,6 +808,11 @@ lun_number:	STR
 			free($1);
 			return (1);
 		}
+		if (tmp >= MAX_LUNS) {
+			yyerror("LU number is too big");
+			free($1);
+			return (1);
+		}
 
 		ret = asprintf(&name, "%s,lun,%ju", target->t_name, tmp);
 		if (ret <= 0)
@@ -832,6 +837,11 @@ target_lun_ref:	LUN STR STR
 			return (1);
 		}
 		free($2);
+		if (tmp >= MAX_LUNS) {
+			yyerror("LU number is too big");
+			free($3);
+			return (1);
+		}
 
 		lun = lun_find(conf, $3);
 		free($3);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701100825.v0A8P38T067148>