svn commit: r235901 - stable/9/sys/kern

Thu May 24 11:46:40 UTC 2012

Author: trasz
Date: Thu May 24 11:46:39 2012
New Revision: 235901
URL: http://svn.freebsd.org/changeset/base/235901

Log:
  MFC r234380:
  
  Enforce upper bound on the input buffer length.

Modified:
  stable/9/sys/kern/kern_rctl.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/kern/kern_rctl.c
==============================================================================

--- stable/9/sys/kern/kern_rctl.c	Thu May 24 11:43:33 2012	(r235900)
+++ stable/9/sys/kern/kern_rctl.c	Thu May 24 11:46:39 2012	(r235901)
@@ -73,6 +73,7 @@ FEATURE(rctl, "Resource Limits");
 
 /* Default buffer size for rctl_get_rules(2). */
 #define	RCTL_DEFAULT_BUFSIZE	4096
+#define	RCTL_MAX_INBUFLEN	4096
 #define	RCTL_LOG_BUFSIZE	128
 
 /*
@@ -1191,6 +1192,8 @@ rctl_read_inbuf(char **inputstr, const c
 
 	if (inbuflen <= 0)
 		return (EINVAL);
+	if (inbuflen > RCTL_MAX_INBUFLEN)
+		return (E2BIG);
 
 	str = malloc(inbuflen + 1, M_RCTL, M_WAITOK);
 	error = copyinstr(inbufp, str, inbuflen, NULL);
