Author: trasz Date: Tue Apr 17 13:28:14 2012 New Revision: 234380 URL: http://svn.freebsd.org/changeset/base/234380
Log: Enforce upper bound on the input buffer length. Reported by: Mateusz Guzik Modified: head/sys/kern/kern_rctl.c Modified: head/sys/kern/kern_rctl.c
==============================================================================
--- head/sys/kern/kern_rctl.c Tue Apr 17 11:55:19 2012 (r234379)
+++ head/sys/kern/kern_rctl.c Tue Apr 17 13:28:14 2012 (r234380)
@@ -73,6 +73,7 @@ FEATURE(rctl, "Resource Limits");
 /* Default buffer size for rctl_get_rules(2). */
 #define RCTL_DEFAULT_BUFSIZE 4096
+#define RCTL_MAX_INBUFLEN 4096
 #define RCTL_LOG_BUFSIZE 128
 /*
@@ -1191,6 +1192,8 @@ rctl_read_inbuf(char **inputstr, const c
 if (inbuflen <= 0)
 return (EINVAL);
+ if (inbuflen > RCTL_MAX_INBUFLEN)
+ return (E2BIG);
 str = malloc(inbuflen + 1, M_RCTL, M_WAITOK);
 error = copyinstr(inbufp, str, inbuflen, NULL);
_______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
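Review bot: `RCTL_MAX_INBUFLEN` in the first hunk is added directly under `/* Default buffer size for rctl_get_rules(2). */`, so that comment now appears to describe it as well, and the new limit itself has no documentation. It is a separate thing: the cap that `rctl_read_inbuf()` applies in the second hunk to the caller-supplied `inbuflen` before it sizes `malloc(inbuflen + 1, M_RCTL, M_WAITOK)` and the `copyinstr()` from `inbufp`. I would give it its own comment, `/* Largest input string length rctl_read_inbuf() accepts; bounds the kernel allocation made for it. */`. The new `E2BIG` return presumably reaches the callers of the rctl system calls, so their manual pages may need it in ERRORS; `rctl_read_inbuf()` starts and ends outside the hunk.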