kern/77748: [PATCH] Local DoS from user-space in if_clone_list()
Maxim Konovalov
maxim at macomnet.ru
Sun Feb 20 07:50:28 GMT 2005
The following reply was made to PR kern/77748; it has been noted by GNATS.
From: Maxim Konovalov <maxim at macomnet.ru>
To: "Wojciech A. Koszek" <dunstan at freebsd.czest.pl>
Cc: bug-followup at freebsd.org
Subject: Re: kern/77748: [PATCH] Local DoS from user-space in if_clone_list()
Date: Sun, 20 Feb 2005 10:49:55 +0300 (MSK)
Hi Wojciech,
Nice catch! It seems with your patch we do not need a second check
for ifcr->ifcr_count a bit later in the code.
Index: if_clone.c
===================================================================
RCS file: /home/ncvs/src/sys/net/if_clone.c,v
retrieving revision 1.5
diff -u -r1.5 if_clone.c
--- if_clone.c 10 Feb 2005 12:02:37 -0000 1.5
+++ if_clone.c 20 Feb 2005 07:42:30 -0000
@@ -239,6 +239,9 @@
struct if_clone *ifc;
int buf_count, count, err = 0;
+ if (ifcr->ifcr_count < 0)
+ return (EINVAL);
+
IF_CLONERS_LOCK();
/*
* Set our internal output buffer size. We could end up not
@@ -261,12 +264,6 @@
/* Just asking how many there are. */
goto done;
}
-
- if (ifcr->ifcr_count < 0) {
- err = EINVAL;
- goto done;
- }
-
count = (if_cloners_count < buf_count) ?
if_cloners_count : buf_count;
%%%
--
Maxim Konovalov
More information about the freebsd-bugs
mailing list