PERFORCE change 188976 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Sun Feb 20 17:01:38 UTC 2011
http://p4web.freebsd.org/@@188976?ac=10
Change 188976 by trasz at trasz_victim on 2011/02/20 17:00:33
Prevent root from crashing the system by adding a rule with too long
loginclass name.
Affected files ...
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_loginclass.c#30 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#33 edit
Differences ...
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_loginclass.c#30 (text+ko) ====
@@ -113,8 +113,8 @@
{
struct loginclass *lc, *newlc;
- KASSERT(strlen(name) <= MAXLOGNAME - 1,
- ("loginclass_find: got too long name"));
+ if (strlen(name) > MAXLOGNAME - 1)
+ return (NULL);
newlc = malloc(sizeof(*newlc), M_LOGINCLASS, M_ZERO | M_WAITOK);
container_create(&newlc->lc_container);
@@ -200,6 +200,7 @@
newcred = crget();
newlc = loginclass_find(lcname);
+ KASSERT(newlc != NULL, ("loginclass_find() failed"));
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#33 (text+ko) ====
@@ -837,6 +837,10 @@
case RCTL_SUBJECT_TYPE_LOGINCLASS:
rule->rr_subject.hr_loginclass =
loginclass_find(subject_idstr);
+ if (rule->rr_subject.hr_loginclass == NULL) {
+ error = ENAMETOOLONG;
+ goto out;
+ }
break;
case RCTL_SUBJECT_TYPE_JAIL:
rule->rr_subject.rs_prison =
More information about the p4-projects
mailing list