Date: Sat, 11 Jun 2005 14:58:20 +0000 (UTC) From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/sys syscallsubr.h src/sys/kern vfs_syscalls.c src/sys/alpha/osf1 osf1_mount.c src/sys/compat/freebsd32 freebsd32_misc.c Message-ID: <200506111458.j5BEwL70084857@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
pjd 2005-06-11 14:58:20 UTC
FreeBSD src repository
Modified files:
sys/sys syscallsubr.h
sys/kern vfs_syscalls.c
sys/alpha/osf1 osf1_mount.c
sys/compat/freebsd32 freebsd32_misc.c
Log:
Do not allocate memory based on not-checked argument from userland.
It can be used to panic the kernel by giving too big value.
Fix it by moving allocation and size verification into kern_getfsstat().
This even simplifies kern_getfsstat() consumers, but destroys symmetry -
memory is allocated inside kern_getfsstat(), but has to be freed by the
caller.
Found by: FreeBSD Kernel Stress Test Suite: http://www.holm.cc/stress/
Reported by: Peter Holm <peter@holm.cc>
Revision Changes Path
1.25 +2 -6 src/sys/alpha/osf1/osf1_mount.c
1.35 +2 -6 src/sys/compat/freebsd32/freebsd32_misc.c
1.389 +28 -13 src/sys/kern/vfs_syscalls.c
1.30 +1 -1 src/sys/sys/syscallsubr.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506111458.j5BEwL70084857>