From 47849859a8802d2f7f408d4bb0a6b277352590d5 Mon Sep 17 00:00:00 2001 From: jdolecek Date: Sun, 5 Aug 2001 11:16:56 +0000 Subject: [PATCH] Don't allow the size of active diagnostics parameter be bigger than newly added I4B_ACTIVE_DIAGNOSTIC_MAXPARAMLEN (currently 64KB). --- sys/netisdn/i4b_i4bdrv.c | 8 +++++++- sys/netisdn/i4b_ioctl.h | 3 ++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/sys/netisdn/i4b_i4bdrv.c b/sys/netisdn/i4b_i4bdrv.c index 53d81543d44e..7c9195783146 100644 --- a/sys/netisdn/i4b_i4bdrv.c +++ b/sys/netisdn/i4b_i4bdrv.c @@ -27,7 +27,7 @@ * i4b_i4bdrv.c - i4b userland interface driver * -------------------------------------------- * - * $Id: i4b_i4bdrv.c,v 1.4 2001/04/21 07:23:41 martin Exp $ + * $Id: i4b_i4bdrv.c,v 1.5 2001/08/05 11:16:56 jdolecek Exp $ * * $FreeBSD$ * @@ -834,6 +834,12 @@ download_done: if(req.in_param_len) { + /* XXX arbitrary limit */ + if (req.in_param_len > I4B_ACTIVE_DIAGNOSTIC_MAXPARAMLEN) { + error = EINVAL; + goto diag_done; + } + req.in_param = malloc(r->in_param_len, M_DEVBUF, M_WAITOK); if(!req.in_param) diff --git a/sys/netisdn/i4b_ioctl.h b/sys/netisdn/i4b_ioctl.h index c8c21027c5e3..8906de92c789 100644 --- a/sys/netisdn/i4b_ioctl.h +++ b/sys/netisdn/i4b_ioctl.h @@ -27,7 +27,7 @@ * i4b_ioctl.h - messages kernel <--> userland * ------------------------------------------- * - * $Id: i4b_ioctl.h,v 1.1.1.1 2001/01/05 12:49:56 martin Exp $ + * $Id: i4b_ioctl.h,v 1.2 2001/08/05 11:16:56 jdolecek Exp $ * * $FreeBSD$ * @@ -688,6 +688,7 @@ struct isdn_diagnostic_request { int controller; /* controller number */ u_int32_t cmd; /* diagnostic command to execute */ size_t in_param_len; /* length of additional input parameter */ +#define I4B_ACTIVE_DIAGNOSTIC_MAXPARAMLEN 65536 void *in_param; /* optional input parameter */ size_t out_param_len; /* available output space */ void *out_param; /* output data goes here */