Module Name: src
Committed By: maxv
Date: Wed Apr 16 19:25:28 UTC 2014
Modified Files:
src/sys/kern: vfs_syscalls.c
Log Message:
Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check
to prevent an (un)privileged user from requesting a zero-sized allocation
(and thus a panic).
To generate a diff of this commit:
cvs rdiff -u -r1.479 -r1.480 src/sys/kern/vfs_syscalls.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/vfs_syscalls.c
diff -u src/sys/kern/vfs_syscalls.c:1.479 src/sys/kern/vfs_syscalls.c:1.480
--- src/sys/kern/vfs_syscalls.c:1.479 Wed Apr 16 18:55:18 2014
+++ src/sys/kern/vfs_syscalls.c Wed Apr 16 19:25:28 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: vfs_syscalls.c,v 1.479 2014/04/16 18:55:18 maxv Exp $ */
+/* $NetBSD: vfs_syscalls.c,v 1.480 2014/04/16 19:25:28 maxv Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -70,7 +70,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.479 2014/04/16 18:55:18 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.480 2014/04/16 19:25:28 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_fileassoc.h"
@@ -498,7 +498,7 @@ do_sys_mount(struct lwp *l, struct vfsop
&& data_len < sizeof (struct mnt_export_args30))
data_len = sizeof (struct mnt_export_args30);
}
- if (data_len > VFS_MAX_MOUNT_DATA) {
+ if ((data_len == 0) || (data_len > VFS_MAX_MOUNT_DATA)) {
error = EINVAL;
goto done;
}
