Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Limit the superblock size to SBLOCKSIZE, not MAXBSIZE. Otherwise memcpy

Browse Source 
will read beyond the allocated buffer.

Discussed a bit on tech-kern@.
This commit is contained in:
maxv 2014-10-30 17:13:41 +00:00
parent 7eb4355d2e
commit 86c13aa357
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/ufs/ffs/ffs_vfsops.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ffs_vfsops.c,v 1.300 2014/10/24 13:18:51 njoly Exp $ */
/* $NetBSD: ffs_vfsops.c,v 1.301 2014/10/30 17:13:41 maxv Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.300 2014/10/24 13:18:51 njoly Exp $");
__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.301 2014/10/30 17:13:41 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_ffs.h"
@ -974,7 +974,7 @@ ffs_mountfs(struct vnode *devvp, struct mount *mp, struct lwp *l)
continue;
/* Validate size of superblock */
if (sbsize > MAXBSIZE || sbsize < sizeof(struct fs))
if (sbsize > SBLOCKSIZE || sbsize < sizeof(struct fs))
continue;
/* Check that we can handle the file system blocksize */