Date: Mon, 23 Jul 2018 16:56:49 +0000 (UTC) From: Andriy Gapon <avg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r336641 - head/sys/security/audit Message-ID: <201807231656.w6NGun8x097835@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: avg Date: Mon Jul 23 16:56:49 2018 New Revision: 336641 URL: https://svnweb.freebsd.org/changeset/base/336641 Log: fix incorrect operator in the AUDITPIPE_SET_QLIMIT bounds check PR: 229983 Submitted by: Aniket Pandey <aniketp@iitk.ac.in> Reported by: Aniket Pandey <aniketp@iitk.ac.in> MFC after: 1 week Modified: head/sys/security/audit/audit_pipe.c Modified: head/sys/security/audit/audit_pipe.c ============================================================================== --- head/sys/security/audit/audit_pipe.c Mon Jul 23 16:11:03 2018 (r336640) +++ head/sys/security/audit/audit_pipe.c Mon Jul 23 16:56:49 2018 (r336641) @@ -756,7 +756,7 @@ audit_pipe_ioctl(struct cdev *dev, u_long cmd, caddr_t case AUDITPIPE_SET_QLIMIT: /* Lockless integer write. */ - if (*(u_int *)data >= AUDIT_PIPE_QLIMIT_MIN || + if (*(u_int *)data >= AUDIT_PIPE_QLIMIT_MIN && *(u_int *)data <= AUDIT_PIPE_QLIMIT_MAX) { ap->ap_qlimit = *(u_int *)data; error = 0;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807231656.w6NGun8x097835>