svn commit: r232750 - head/sys/kern
Peter Holm
pho at FreeBSD.org
Fri Mar 9 21:31:13 UTC 2012
Author: pho
Date: Fri Mar 9 21:31:12 2012
New Revision: 232750
URL: http://svn.freebsd.org/changeset/base/232750
Log:
Perform the parameter validation before assigning it to a signed int
variable. This fixes the problem seen with readdir(3) fuzzing.
Submitted by: bde
MFC after: 1 week
Modified:
head/sys/kern/vfs_syscalls.c
Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c Fri Mar 9 21:02:39 2012 (r232749)
+++ head/sys/kern/vfs_syscalls.c Fri Mar 9 21:31:12 2012 (r232750)
@@ -4153,9 +4153,9 @@ kern_getdirentries(struct thread *td, in
int error, eofflag;
AUDIT_ARG_FD(fd);
- auio.uio_resid = count;
- if (auio.uio_resid > IOSIZE_MAX)
+ if (count > IOSIZE_MAX)
return (EINVAL);
+ auio.uio_resid = count;
if ((error = getvnode(td->td_proc->p_fd, fd, CAP_READ | CAP_SEEK,
&fp)) != 0)
return (error);
More information about the svn-src-head
mailing list