Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

make debug_sysctl() sysctl MIB check more strict. from smak. 

attack similar to NetBSD-SA2003-014 can be mounted due to this flaw.
This commit is contained in:
itojun 2003-10-01 21:45:14 +00:00
parent 457f6dbe79
commit d104a1a89a
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/kern/kern_sysctl.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: kern_sysctl.c,v 1.146 2003/09/28 13:24:48 dsl Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.147 2003/10/01 21:45:14 itojun Exp $ */
/*- /*-
* Copyright (c) 1982, 1986, 1989, 1993 * Copyright (c) 1982, 1986, 1989, 1993
@ -39,7 +39,7 @@
*/ */
#include <sys/cdefs.h> #include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.146 2003/09/28 13:24:48 dsl Exp $"); __KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.147 2003/10/01 21:45:14 itojun Exp $");
#include "opt_ddb.h" #include "opt_ddb.h"
#include "opt_insecure.h" #include "opt_insecure.h"
@ -782,7 +782,7 @@ debug_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp,
/* all sysctl names at this level are name and field */ /* all sysctl names at this level are name and field */
if (namelen != 2) if (namelen != 2)
return (ENOTDIR); /* overloaded */ return (ENOTDIR); /* overloaded */
if (name[0] >= CTL_DEBUG_MAXID) if (name[0] < 0 || name[0] >= CTL_DEBUG_MAXID)
return (EOPNOTSUPP); return (EOPNOTSUPP);
cdp = debugvars[name[0]]; cdp = debugvars[name[0]];
if (cdp->debugname == 0) if (cdp->debugname == 0)