Module Name: src Committed By: maxv Date: Wed Apr 16 19:25:28 UTC 2014
Modified Files: src/sys/kern: vfs_syscalls.c Log Message: Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check to prevent an (un)privileged user from requesting a zero-sized allocation (and thus a panic). To generate a diff of this commit: cvs rdiff -u -r1.479 -r1.480 src/sys/kern/vfs_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/vfs_syscalls.c diff -u src/sys/kern/vfs_syscalls.c:1.479 src/sys/kern/vfs_syscalls.c:1.480 --- src/sys/kern/vfs_syscalls.c:1.479 Wed Apr 16 18:55:18 2014 +++ src/sys/kern/vfs_syscalls.c Wed Apr 16 19:25:28 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls.c,v 1.479 2014/04/16 18:55:18 maxv Exp $ */ +/* $NetBSD: vfs_syscalls.c,v 1.480 2014/04/16 19:25:28 maxv Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -70,7 +70,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.479 2014/04/16 18:55:18 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.480 2014/04/16 19:25:28 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_fileassoc.h" @@ -498,7 +498,7 @@ do_sys_mount(struct lwp *l, struct vfsop && data_len < sizeof (struct mnt_export_args30)) data_len = sizeof (struct mnt_export_args30); } - if (data_len > VFS_MAX_MOUNT_DATA) { + if ((data_len == 0) || (data_len > VFS_MAX_MOUNT_DATA)) { error = EINVAL; goto done; }