aboutsummaryrefslogtreecommitdiff
path: root/sys/dev/firewire
diff options
context:
space:
mode:
authorColin Percival <cperciva@FreeBSD.org>2006-12-06 09:13:51 +0000
committerColin Percival <cperciva@FreeBSD.org>2006-12-06 09:13:51 +0000
commit8b0a738288f8e63f247c75ec1d1055b2d9509492 (patch)
treee6d0f5e4704f8a07327592eae9fc4554224bc923 /sys/dev/firewire
parentfc6c30f6c6ca24ef1507b7247a1f9de7096f634d (diff)
downloadsrc-8b0a738288f8e63f247c75ec1d1055b2d9509492.tar.gz
src-8b0a738288f8e63f247c75ec1d1055b2d9509492.zip
Correct a signedness bug which allowed members of the operator
group to read kernel memory. Security: FreeBSD-SA-06:25.kmem
Notes
Notes: svn path=/head/; revision=164940
Diffstat (limited to 'sys/dev/firewire')
-rw-r--r--sys/dev/firewire/fwdev.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/dev/firewire/fwdev.c b/sys/dev/firewire/fwdev.c
index e42c30a78c97..5b461906f432 100644
--- a/sys/dev/firewire/fwdev.c
+++ b/sys/dev/firewire/fwdev.c
@@ -712,7 +712,7 @@ out:
else
len = fwdev->rommax - CSRROMOFF + 4;
}
- if (crom_buf->len < len)
+ if (crom_buf->len < len && crom_buf->len >= 0)
len = crom_buf->len;
else
crom_buf->len = len;
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-17 21:37:55 +0000