Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Thou shalt not allocate PAGE_SIZE automatic variables on the kernel stack.

This commit is contained in:
scw 2005-06-08 07:25:12 +00:00
parent 3ff1c89a7f
commit 50d7457a5f
1 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
sys/kern/kern_sysctl.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: kern_sysctl.c,v 1.180 2005/05/29 22:24:15 christos Exp $ */
/* $NetBSD: kern_sysctl.c,v 1.181 2005/06/08 07:25:12 scw Exp $ */
/*-
* Copyright (c) 2003 The NetBSD Foundation, Inc.
@ -75,7 +75,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.180 2005/05/29 22:24:15 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.181 2005/06/08 07:25:12 scw Exp $");
#include "opt_defcorename.h"
#include "opt_insecure.h"
@ -920,27 +920,35 @@ sysctl_create(SYSCTLFN_RWARGS)
return (EINVAL);
}
else {
char vp[PAGE_SIZE], *e;
char *vp, *e;
size_t s;
/*
* we want a rough idea of what the
* size is now
*/
vp = malloc(PAGE_SIZE, M_SYSCTLDATA,
M_WAITOK|M_CANFAIL);
if (vp == NULL)
return (ENOMEM);
e = nnode.sysctl_data;
do {
error = copyinstr(e, &vp[0], sizeof(vp),
&s);
error = copyinstr(e, vp, PAGE_SIZE, &s);
if (error) {
if (error != ENAMETOOLONG)
if (error != ENAMETOOLONG) {
free(vp, M_SYSCTLDATA);
return (error);
}
e += PAGE_SIZE;
if ((e - 32 * PAGE_SIZE) >
(char*)nnode.sysctl_data)
(char*)nnode.sysctl_data) {
free(vp, M_SYSCTLDATA);
return (ERANGE);
}
}
} while (error != 0);
sz = s + (e - (char*)nnode.sysctl_data);
free(vp, M_SYSCTLDATA);
}
}
break;