svn commit: r303173 - stable/10/sys/nlm
Sean Bruno
sbruno at FreeBSD.org
Fri Jul 22 03:09:48 UTC 2016
Author: sbruno
Date: Fri Jul 22 03:09:47 2016
New Revision: 303173
URL: https://svnweb.freebsd.org/changeset/base/303173
Log:
MFC r298351
Avoid a possible heap overflow in our nlm code by limiting the number
of service to the arbitrary value of 256. Log an appropriate message
that indicates the hard limit.
Modified:
stable/10/sys/nlm/nlm_prot_impl.c
Modified: stable/10/sys/nlm/nlm_prot_impl.c
==============================================================================
--- stable/10/sys/nlm/nlm_prot_impl.c Fri Jul 22 03:03:52 2016 (r303172)
+++ stable/10/sys/nlm/nlm_prot_impl.c Fri Jul 22 03:09:47 2016 (r303173)
@@ -1439,6 +1439,12 @@ nlm_register_services(SVCPOOL *pool, int
return (EINVAL);
}
+ if (addr_count < 0 || addr_count > 256 ) {
+ NLM_ERR("NLM: too many service addresses (%d) given, "
+ "max 256 - can't start server\n", addr_count);
+ return (EINVAL);
+ }
+
xprts = malloc(addr_count * sizeof(SVCXPRT *), M_NLM, M_WAITOK|M_ZERO);
for (i = 0; i < version_count; i++) {
for (j = 0; j < addr_count; j++) {
More information about the svn-src-stable-10
mailing list