Date: Tue, 10 Jan 2017 08:25:03 +0000 (UTC) From: Alexander Motin <mav@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r311866 - stable/10/usr.sbin/ctld Message-ID: <201701100825.v0A8P38T067148@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mav Date: Tue Jan 10 08:25:03 2017 New Revision: 311866 URL: https://svnweb.freebsd.org/changeset/base/311866 Log: MFC r310633: Add MAX_LUNS overflow safety checks. While this MAX_LUNS limitation is too synthetic and should be removed, it is better to enforce it while it is here. Modified: stable/10/usr.sbin/ctld/parse.y Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.sbin/ctld/parse.y ============================================================================== --- stable/10/usr.sbin/ctld/parse.y Tue Jan 10 08:23:06 2017 (r311865) +++ stable/10/usr.sbin/ctld/parse.y Tue Jan 10 08:25:03 2017 (r311866) @@ -808,6 +808,11 @@ lun_number: STR free($1); return (1); } + if (tmp >= MAX_LUNS) { + yyerror("LU number is too big"); + free($1); + return (1); + } ret = asprintf(&name, "%s,lun,%ju", target->t_name, tmp); if (ret <= 0) @@ -832,6 +837,11 @@ target_lun_ref: LUN STR STR return (1); } free($2); + if (tmp >= MAX_LUNS) { + yyerror("LU number is too big"); + free($3); + return (1); + } lun = lun_find(conf, $3); free($3);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701100825.v0A8P38T067148>