Module Name: src Committed By: martin Date: Fri Jan 1 13:19:58 UTC 2021
Modified Files: src/sys/ufs/ufs [netbsd-8]: ufs_quota1.c Log Message: Pull up following revision(s) (requested by nia in ticket #1645): sys/ufs/ufs/ufs_quota1.c: revision 1.23 Avoid potentially accessing an array with an index out of range. To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.22.10.1 src/sys/ufs/ufs/ufs_quota1.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/ufs/ufs/ufs_quota1.c diff -u src/sys/ufs/ufs/ufs_quota1.c:1.22 src/sys/ufs/ufs/ufs_quota1.c:1.22.10.1 --- src/sys/ufs/ufs/ufs_quota1.c:1.22 Mon Jun 20 00:52:04 2016 +++ src/sys/ufs/ufs/ufs_quota1.c Fri Jan 1 13:19:57 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: ufs_quota1.c,v 1.22 2016/06/20 00:52:04 dholland Exp $ */ +/* $NetBSD: ufs_quota1.c,v 1.22.10.1 2021/01/01 13:19:57 martin Exp $ */ /* * Copyright (c) 1982, 1986, 1990, 1993, 1995 @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ufs_quota1.c,v 1.22 2016/06/20 00:52:04 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ufs_quota1.c,v 1.22.10.1 2021/01/01 13:19:57 martin Exp $"); #include <sys/param.h> #include <sys/kernel.h> @@ -311,6 +311,9 @@ quota1_handle_cmd_quotaon(struct lwp *l, struct pathbuf *pb; struct nameidata nd; + if (type < 0 || type >= MAXQUOTAS) + return EINVAL; + if (ump->um_flags & UFS_QUOTA2) { uprintf("%s: quotas v2 already enabled\n", mp->mnt_stat.f_mntonname); @@ -421,6 +424,9 @@ quota1_handle_cmd_quotaoff(struct lwp *l kauth_cred_t cred; int i, error; + if (type < 0 || type >= MAXQUOTAS) + return EINVAL; + mutex_enter(&dqlock); while ((ump->umq1_qflags[type] & (QTF_CLOSING | QTF_OPENING)) != 0) cv_wait(&dqcv, &dqlock);