cvs commit: src/sys/sys syscallsubr.h src/sys/kern vfs_syscalls.c
src/sys/alpha/osf1 osf1_mount.c src/sys/compat/freebsd32
freebsd32_misc.c
Pawel Jakub Dawidek
pjd at FreeBSD.org
Sat Jun 11 14:58:21 GMT 2005
pjd 2005-06-11 14:58:20 UTC
FreeBSD src repository
Modified files:
sys/sys syscallsubr.h
sys/kern vfs_syscalls.c
sys/alpha/osf1 osf1_mount.c
sys/compat/freebsd32 freebsd32_misc.c
Log:
Do not allocate memory based on not-checked argument from userland.
It can be used to panic the kernel by giving too big value.
Fix it by moving allocation and size verification into kern_getfsstat().
This even simplifies kern_getfsstat() consumers, but destroys symmetry -
memory is allocated inside kern_getfsstat(), but has to be freed by the
caller.
Found by: FreeBSD Kernel Stress Test Suite: http://www.holm.cc/stress/
Reported by: Peter Holm <peter at holm.cc>
Revision Changes Path
1.25 +2 -6 src/sys/alpha/osf1/osf1_mount.c
1.35 +2 -6 src/sys/compat/freebsd32/freebsd32_misc.c
1.389 +28 -13 src/sys/kern/vfs_syscalls.c
1.30 +1 -1 src/sys/sys/syscallsubr.h
More information about the cvs-src
mailing list