upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

o Move ifcr_count sanity check up and reject negative values before we

Browse source 
panic at kmem_alloc() via malloc(9).

PR:		kern/77748
Submitted by:	Wojciech A. Koszek
OK'ed by:	brooks
Security:	local DoS, a sample code in the PR.
MFC after:	3 days
This commit is contained in:
Maxim Konovalov 2005-02-24 13:14:41 +00:00
parent a65e9283c5
commit a6d008350d
1 changed files with 3 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
sys/net/if_clone.c
View file

@ -239,6 +239,9 @@ if_clone_list(struct if_clonereq *ifcr)
struct if_clone *ifc;
int buf_count, count, err = 0;
if (ifcr->ifcr_count < 0)
return (EINVAL);
IF_CLONERS_LOCK();
/*
* Set our internal output buffer size. We could end up not
@ -261,12 +264,6 @@ if_clone_list(struct if_clonereq *ifcr)
/* Just asking how many there are. */
goto done;
}
if (ifcr->ifcr_count < 0) {
err = EINVAL;
goto done;
}
count = (if_cloners_count < buf_count) ?
if_cloners_count : buf_count;