Date: Thu, 24 May 2012 11:46:39 +0000 (UTC)
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject: svn commit: r235901 - stable/9/sys/kern
Message-ID: <201205241146.q4OBkdBS036101@svn.freebsd.org>
Author: trasz Date: Thu May 24 11:46:39 2012 New Revision: 235901 URL: http://svn.freebsd.org/changeset/base/235901 Log: MFC r234380: Enforce upper bound on the input buffer length. Modified: stable/9/sys/kern/kern_rctl.c Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/kern/kern_rctl.c ============================================================================== --- stable/9/sys/kern/kern_rctl.c Thu May 24 11:43:33 2012 (r235900) +++ stable/9/sys/kern/kern_rctl.c Thu May 24 11:46:39 2012 (r235901) @@ -73,6 +73,7 @@ FEATURE(rctl, "Resource Limits"); /* Default buffer size for rctl_get_rules(2). */ #define RCTL_DEFAULT_BUFSIZE 4096 +#define RCTL_MAX_INBUFLEN 4096 #define RCTL_LOG_BUFSIZE 128 /* @@ -1191,6 +1192,8 @@ rctl_read_inbuf(char **inputstr, const c if (inbuflen <= 0) return (EINVAL); + if (inbuflen > RCTL_MAX_INBUFLEN) + return (E2BIG); str = malloc(inbuflen + 1, M_RCTL, M_WAITOK); error = copyinstr(inbufp, str, inbuflen, NULL);
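Review bot: In the first hunk (@@ -73,6 +73,7 @@), the new "#define RCTL_MAX_INBUFLEN 4096" lands directly under the existing comment "Default buffer size for rctl_get_rules(2).", so that comment now reads as if it described both constants. Please give RCTL_MAX_INBUFLEN its own one-line comment saying it is the upper bound on the user-supplied input buffer length accepted by rctl_read_inbuf(), and why 4096 was chosen, so the limit is not mistaken for an output buffer size.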
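Review bot: In the second hunk (@@ -1191,6 +1192,8 @@), the new "return (E2BIG);" path in rctl_read_inbuf() gives callers an error they did not see before, and this commit touches only kern_rctl.c, so nothing documents it. The check itself is in the right place: it runs before "malloc(inbuflen + 1, M_RCTL, M_WAITOK)", so a caller-supplied length can no longer drive a sleeping kernel allocation larger than RCTL_MAX_INBUFLEN + 1 bytes. Please follow up by listing E2BIG in the ERRORS section of the manual pages for the system calls that pass through rctl_read_inbuf(), and consider a short comment above the check stating that it bounds the allocation that follows.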
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201205241146.q4OBkdBS036101>