Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't allow negative offsets when reading the message buffer, because it

Browse Source 
can allow reading arbitrary kernel memory.
This commit is contained in:
christos 2005-08-31 09:54:54 +00:00
parent 0bd65b04de
commit 218f69d99f
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/miscfs/kernfs/kernfs_vnops.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: kernfs_vnops.c,v 1.110 2005/08/30 20:08:01 xtraeme Exp $ */ /* $NetBSD: kernfs_vnops.c,v 1.111 2005/08/31 09:54:54 christos Exp $ */
/* /*
* Copyright (c) 1992, 1993 * Copyright (c) 1992, 1993
@ -39,7 +39,7 @@
*/ */
#include <sys/cdefs.h> #include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kernfs_vnops.c,v 1.110 2005/08/30 20:08:01 xtraeme Exp $"); __KERNEL_RCSID(0, "$NetBSD: kernfs_vnops.c,v 1.111 2005/08/31 09:54:54 christos Exp $");
#ifdef _KERNEL_OPT #ifdef _KERNEL_OPT
#include "opt_ipsec.h" #include "opt_ipsec.h"
@ -427,6 +427,10 @@ kernfs_xread(kfs, off, bufp, len, wrlen)
* message buffer header are corrupted, but that'll cause * message buffer header are corrupted, but that'll cause
* the system to die anyway. * the system to die anyway.
*/ */
if (off < 0) {
*wrlen = 0;
return EINVAL;
}
if (off >= msgbufp->msg_bufs) { if (off >= msgbufp->msg_bufs) {
*wrlen = 0; *wrlen = 0;
return (0); return (0);