Author: pho
Date: Fri Mar 9 21:31:12 2012
New Revision: 232750
URL: http://svn.freebsd.org/changeset/base/232750
Log: Perform the parameter validation before assigning it to a signed int variable. This fixes the problem seen with readdir(3) fuzzing. Submitted by: bde MFC after: 1 week Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Fri Mar 9 21:02:39 2012 (r232749) +++ head/sys/kern/vfs_syscalls.c Fri Mar 9 21:31:12 2012 (r232750) @@ -4153,9 +4153,9 @@ kern_getdirentries(struct thread *td, in int error, eofflag; AUDIT_ARG_FD(fd); - auio.uio_resid = count; - if (auio.uio_resid > IOSIZE_MAX) + if (count > IOSIZE_MAX) return (EINVAL); + auio.uio_resid = count; if ((error = getvnode(td->td_proc->p_fd, fd, CAP_READ | CAP_SEEK, &fp)) != 0) return (error); _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
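Review bot: The `if (count > IOSIZE_MAX)` test at the top of this hunk only rejects every out-of-range request if `count` is an unsigned type, and the truncated function header in the hunk context does not show its declaration. Worth confirming the parameter's type in review: if it were signed, a negative `count` would pass this test and still reach `auio.uio_resid = count;`. A one-line comment above the check, saying that validation has to happen before the value is stored in `auio.uio_resid` (which the log describes as signed), would keep a later cleanup from folding the two statements back into the old order. The early `return (EINVAL)` sits before the `getvnode()` call, so nothing needs releasing on that path.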