Author: sbruno Date: Wed Apr 20 15:31:03 2016 New Revision: 298351 URL: https://svnweb.freebsd.org/changeset/base/298351
Log: Avoid a possible heap overflow in our nlm code by limiting the number of service to the arbitrary value of 256. Log an appropriate message that indicates the hard limit. PR: 208808 Submitted by: ct...@hardenedbsd.org Reviewed by: dfr Obtained from: HardenedBSD MFC after: 2 weeks Modified: head/sys/nlm/nlm_prot_impl.c Modified: head/sys/nlm/nlm_prot_impl.c ============================================================================== --- head/sys/nlm/nlm_prot_impl.c Wed Apr 20 14:47:16 2016 (r298350) +++ head/sys/nlm/nlm_prot_impl.c Wed Apr 20 15:31:03 2016 (r298351) @@ -1439,6 +1439,12 @@ nlm_register_services(SVCPOOL *pool, int return (EINVAL); } + if (addr_count < 0 || addr_count > 256 ) { + NLM_ERR("NLM: too many service addresses (%d) given, " + "max 256 - can't start server\n", addr_count); + return (EINVAL); + } + xprts = malloc(addr_count * sizeof(SVCXPRT *), M_NLM, M_WAITOK|M_ZERO); for (i = 0; i < version_count; i++) { for (j = 0; j < addr_count; j++) { _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"