author | Colin Percival <cperciva@FreeBSD.org> | 2006-12-06 09:13:51 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2006-12-06 09:13:51 +0000 |
commit | 8b0a738288f8e63f247c75ec1d1055b2d9509492 (patch) | |
tree | e6d0f5e4704f8a07327592eae9fc4554224bc923 /sys/dev/firewire | |
parent | fc6c30f6c6ca24ef1507b7247a1f9de7096f634d (diff) | |
Correct a signedness bug which allowed members of the operator
group to read kernel memory.
Security: FreeBSD-SA-06:25.kmem
Notes:
svn path=/head/; revision=164940
Diffstat (limited to 'sys/dev/firewire')
-rw-r--r-- | sys/dev/firewire/fwdev.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/dev/firewire/fwdev.c b/sys/dev/firewire/fwdev.c index e42c30a78c97..5b461906f432 100644 --- a/sys/dev/firewire/fwdev.c +++ b/sys/dev/firewire/fwdev.c @@ -712,7 +712,7 @@ out: else len = fwdev->rommax - CSRROMOFF + 4; } - if (crom_buf->len < len) + if (crom_buf->len < len && crom_buf->len >= 0) len = crom_buf->len; else crom_buf->len = len; |
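Review bot: In the changed condition `if (crom_buf->len < len && crom_buf->len >= 0)`, a negative `crom_buf->len` now falls through to the `else` branch, where `crom_buf->len = len;` silently replaces it with the full computed length instead of rejecting the request. That keeps `len` from taking the negative value, which is the stated fix, but it treats a malformed length as a request for the whole ROM. Consider returning an error such as EINVAL when `crom_buf->len < 0` before this block, or making the length unsigned so the bound cannot be bypassed by sign. The added test also has no comment; a one-line note that the field is signed and reachable by operator-group users (per the commit message) would keep a later cleanup from dropping the `>= 0` check.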