author | Colin Percival <cperciva@FreeBSD.org> | 2004-12-01 21:33:02 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2004-12-01 21:33:02 +0000 |
commit | 691b3b0df9b4bfecb8c593212bc9fa604116f7b2 (patch) | |
tree | 7cc926ca081a1eae95527fc48d708c1df97d999c /sys/fs/procfs | |
parent | 7e1f562e2a84c6cd4690d0e3d67f3d96ca1ea287 (diff) | |
Fix unvalidated pointer dereference. This is FreeBSD-SA-04:17.procfs.
Notes
Notes:
svn path=/head/; revision=138281
Diffstat (limited to 'sys/fs/procfs')
-rw-r--r-- | sys/fs/procfs/procfs_status.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/sys/fs/procfs/procfs_status.c b/sys/fs/procfs/procfs_status.c
index b832f42289e8..29e5d1f15db5 100644
--- a/sys/fs/procfs/procfs_status.c
+++ b/sys/fs/procfs/procfs_status.c
@@ -173,6 +173,7 @@ int
 procfs_doproccmdline(PFS_FILL_ARGS)
 {
 struct ps_strings pstr;
+ char **ps_argvstr;
 int error, i;
 /*
@@ -199,10 +200,21 @@ procfs_doproccmdline(PFS_FILL_ARGS)
 sizeof(pstr));
 if (error)
 return (error);
+ if (pstr.ps_nargvstr > ARG_MAX)
+ return (E2BIG);
+ ps_argvstr = malloc(pstr.ps_nargvstr * sizeof(char *),
+ M_TEMP, M_WAITOK);
+ error = copyin((void *)pstr.ps_argvstr, ps_argvstr,
+ pstr.ps_nargvstr * sizeof(char *));
+ if (error) {
+ free(ps_argvstr, M_TEMP);
+ return (error);
+ }
 for (i = 0; i < pstr.ps_nargvstr; i++) {
- sbuf_copyin(sb, pstr.ps_argvstr[i], 0);
+ sbuf_copyin(sb, ps_argvstr[i], 0);
 sbuf_printf(sb, "%c", '\0');
 }
+ free(ps_argvstr, M_TEMP);
 }
 return (0); |
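Review bot: The bound added ahead of the malloc() in the second hunk only rejects counts above ARG_MAX, so whether a negative count is excluded depends on the type of `pstr.ps_nargvstr`, whose declaration is not visible here. If that field is a signed int, a negative value read from the process's ps_strings passes the check, and `pstr.ps_nargvstr * sizeof(char *)` then converts to a very large size for both the M_WAITOK allocation and the copyin(). I would make the guard explicit, `if (pstr.ps_nargvstr < 0 || pstr.ps_nargvstr > ARG_MAX)`, or confirm the field is unsigned and say so in a comment. The return value of `sbuf_copyin()` in the loop is still ignored, so a bad element pointer is skipped silently; procfs_doproccmdline starts and ends outside this hunk.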