Module Name: src
Committed By: alnsn
Date: Sun Mar 27 21:51:20 UTC 2016
Modified Files:
src/usr.bin/kdump: kdump.c
Log Message:
Don't enter infinite loop on big ktr_len values.
Fixes PR 49460.
To generate a diff of this commit:
cvs rdiff -u -r1.122 -r1.123 src/usr.bin/kdump/kdump.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/kdump/kdump.c
diff -u src/usr.bin/kdump/kdump.c:1.122 src/usr.bin/kdump/kdump.c:1.123
--- src/usr.bin/kdump/kdump.c:1.122 Mon Jan 4 08:24:42 2016
+++ src/usr.bin/kdump/kdump.c Sun Mar 27 21:51:20 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: kdump.c,v 1.122 2016/01/04 08:24:42 martin Exp $ */
+/* $NetBSD: kdump.c,v 1.123 2016/03/27 21:51:20 alnsn Exp $ */
/*-
* Copyright (c) 1988, 1993
@@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1988, 19
#if 0
static char sccsid[] = "@(#)kdump.c 8.4 (Berkeley) 4/28/95";
#else
-__RCSID("$NetBSD: kdump.c,v 1.122 2016/01/04 08:24:42 martin Exp $");
+__RCSID("$NetBSD: kdump.c,v 1.123 2016/03/27 21:51:20 alnsn Exp $");
#endif
#endif /* not lint */
@@ -109,7 +109,7 @@ static void ioctldecode(u_long);
static void ktrsyscall(struct ktr_syscall *);
static void ktrsysret(struct ktr_sysret *, int);
static void ktrnamei(char *, int);
-static void ktremul(char *, int, int);
+static void ktremul(char *, size_t, size_t);
static void ktrgenio(struct ktr_genio *, int);
static void ktrpsig(void *, int);
static void ktrcsw(struct ktr_csw *);
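Review bot: Only `ktremul` moves to `size_t` in this prototype block, while `ktrnamei(char *, int)`, `ktrgenio(struct ktr_genio *, int)` and `ktrpsig(void *, int)` keep `int` length parameters. If main passes the now-unsigned `ktrlen` to them (the call sites are not visible in this diff), the value is converted back to `int` there. The `> INT_MAX` check added in main keeps such values representable, so this is a consistency point rather than a bug. Either unify the length types or record the invariant next to the prototypes, e.g. `/* record lengths are validated <= INT_MAX in main() */`.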
@@ -126,7 +126,8 @@ static void visdump_buf(const void *, in
int
main(int argc, char **argv)
{
- int ch, ktrlen, size;
+ unsigned int ktrlen, size;
+ int ch;
void *m;
int trpoints = 0;
int trset = 0;
@@ -249,7 +250,7 @@ main(int argc, char **argv)
col = dumpheader(&ktr_header);
else
col = -1;
- if ((ktrlen = ktr_header.ktr_len) < 0)
+ if ((ktrlen = ktr_header.ktr_len) > INT_MAX)
errx(1, "bogus length 0x%x", ktrlen);
if (ktrlen > size) {
while (ktrlen > size)
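Review bot: The new test `(ktrlen = ktr_header.ktr_len) > INT_MAX` rejects negative lengths only through the implicit conversion to `unsigned int`, assuming `ktr_len` is a signed field as the old `< 0` test suggests. A comment such as `/* ktr_len comes from the trace file; a negative value converts to > INT_MAX */` would make that visible. The bound also still accepts any length up to INT_MAX from a file that may be malformed or hostile. The `while (ktrlen > size)` loop, whose body lies outside this hunk, presumably grows the record buffer to match, so a much smaller sanity limit on record size is worth considering.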
@@ -751,7 +752,7 @@ ktrnamei(char *cp, int len)
}
static void
-ktremul(char *name, int len, int bufsize)
+ktremul(char *name, size_t len, size_t bufsize)
{
if (len >= bufsize)