Author: pho
Date: Fri Mar 9 21:31:12 2012
New Revision: 232750
URL: http://svn.freebsd.org/changeset/base/232750
Log:
Perform the parameter validation before assigning it to a signed int
variable. This fixes the problem seen with readdir(3) fuzzing.
Submitted by: bde
MFC after: 1 week
Modified:
head/sys/kern/vfs_syscalls.c
Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c Fri Mar 9 21:02:39 2012
(r232749)
+++ head/sys/kern/vfs_syscalls.c Fri Mar 9 21:31:12 2012
(r232750)
@@ -4153,9 +4153,9 @@ kern_getdirentries(struct thread *td, in
int error, eofflag;
AUDIT_ARG_FD(fd);
- auio.uio_resid = count;
- if (auio.uio_resid > IOSIZE_MAX)
+ if (count > IOSIZE_MAX)
return (EINVAL);
+ auio.uio_resid = count;
if ((error = getvnode(td->td_proc->p_fd, fd, CAP_READ | CAP_SEEK,
&fp)) != 0)
return (error);
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
