Module Name: src
Committed By: martin
Date: Fri Jan 1 13:19:58 UTC 2021
Modified Files:
src/sys/ufs/ufs [netbsd-8]: ufs_quota1.c
Log Message:
Pull up following revision(s) (requested by nia in ticket #1645):
sys/ufs/ufs/ufs_quota1.c: revision 1.23
Avoid potentially accessing an array with an index out of range.
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.22.10.1 src/sys/ufs/ufs/ufs_quota1.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/ufs/ufs/ufs_quota1.c
diff -u src/sys/ufs/ufs/ufs_quota1.c:1.22 src/sys/ufs/ufs/ufs_quota1.c:1.22.10.1
--- src/sys/ufs/ufs/ufs_quota1.c:1.22 Mon Jun 20 00:52:04 2016
+++ src/sys/ufs/ufs/ufs_quota1.c Fri Jan 1 13:19:57 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: ufs_quota1.c,v 1.22 2016/06/20 00:52:04 dholland Exp $ */
+/* $NetBSD: ufs_quota1.c,v 1.22.10.1 2021/01/01 13:19:57 martin Exp $ */
/*
* Copyright (c) 1982, 1986, 1990, 1993, 1995
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ufs_quota1.c,v 1.22 2016/06/20 00:52:04 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ufs_quota1.c,v 1.22.10.1 2021/01/01 13:19:57 martin Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -311,6 +311,9 @@ quota1_handle_cmd_quotaon(struct lwp *l,
struct pathbuf *pb;
struct nameidata nd;
+ if (type < 0 || type >= MAXQUOTAS)
+ return EINVAL;
+
if (ump->um_flags & UFS_QUOTA2) {
uprintf("%s: quotas v2 already enabled\n",
mp->mnt_stat.f_mntonname);
@@ -421,6 +424,9 @@ quota1_handle_cmd_quotaoff(struct lwp *l
kauth_cred_t cred;
int i, error;
+ if (type < 0 || type >= MAXQUOTAS)
+ return EINVAL;
+
mutex_enter(&dqlock);
while ((ump->umq1_qflags[type] & (QTF_CLOSING | QTF_OPENING)) != 0)
cv_wait(&dqcv, &dqlock);
