Date: Tue, 17 Apr 2012 13:28:14 +0000 (UTC)
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r234380 - head/sys/kern
Message-ID: <201204171328.q3HDSEEa084048@svn.freebsd.org>
Author: trasz Date: Tue Apr 17 13:28:14 2012 New Revision: 234380 URL: http://svn.freebsd.org/changeset/base/234380 Log: Enforce upper bound on the input buffer length. Reported by: Mateusz Guzik Modified: head/sys/kern/kern_rctl.c Modified: head/sys/kern/kern_rctl.c ============================================================================== --- head/sys/kern/kern_rctl.c Tue Apr 17 11:55:19 2012 (r234379) +++ head/sys/kern/kern_rctl.c Tue Apr 17 13:28:14 2012 (r234380) @@ -73,6 +73,7 @@ FEATURE(rctl, "Resource Limits"); /* Default buffer size for rctl_get_rules(2). */ #define RCTL_DEFAULT_BUFSIZE 4096 +#define RCTL_MAX_INBUFLEN 4096 #define RCTL_LOG_BUFSIZE 128 /* @@ -1191,6 +1192,8 @@ rctl_read_inbuf(char **inputstr, const c if (inbuflen <= 0) return (EINVAL); + if (inbuflen > RCTL_MAX_INBUFLEN) + return (E2BIG); str = malloc(inbuflen + 1, M_RCTL, M_WAITOK); error = copyinstr(inbufp, str, inbuflen, NULL);
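Review bot: In the first hunk (@@ -73,6 +73,7 @@), RCTL_MAX_INBUFLEN has no comment of its own and lands directly under "Default buffer size for rctl_get_rules(2)", so that comment now reads as if it described the input limit too. Give the new define a one-line comment stating that it caps the user-supplied input buffer length checked in rctl_read_inbuf(), and say whether matching RCTL_DEFAULT_BUFSIZE at 4096 is intentional or a coincidence, so the two values are not changed together by mistake later.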
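Review bot: In the second hunk (@@ -1191,6 +1192,8 @@), rctl_read_inbuf() starts returning E2BIG, an errno it did not return before, and nothing in this change documents it. The check itself is placed correctly, ahead of the malloc(inbuflen + 1, M_RCTL, M_WAITOK) that it bounds, but the manual pages for the system calls that reach this function should list E2BIG and the 4096-byte limit, since callers previously only saw EINVAL from the length validation here. A short comment above the new check noting that it bounds a user-controlled M_WAITOK allocation would also help keep it from being dropped in a later cleanup.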