diff options
| author | Jacques Vidrine <nectar@FreeBSD.org> | 2003-08-10 23:26:16 +0000 |
|---|---|---|
| committer | Jacques Vidrine <nectar@FreeBSD.org> | 2003-08-10 23:26:16 +0000 |
| commit | e059b0f0164394576d692cbcc9fa7ae4c0b4281c (patch) | |
| tree | 859643fef9b892ed99afca109691bd6fce3e7200 /sys/i386/ibcs2/ibcs2_stat.c | |
| parent | 41b3077a6c8c6a258c45f6ab00c3df35bb5184dc (diff) | |
| download | src-e059b0f0164394576d692cbcc9fa7ae4c0b4281c.tar.gz src-e059b0f0164394576d692cbcc9fa7ae4c0b4281c.zip | |
The iBCS2 system call translator for statfs(2) did not check the
length parameter for validity.
Submitted by: David Rhodus <drhodus@catpa.com>
Notes
Notes:
svn path=/head/; revision=118754
Diffstat (limited to 'sys/i386/ibcs2/ibcs2_stat.c')
| -rw-r--r-- | sys/i386/ibcs2/ibcs2_stat.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/i386/ibcs2/ibcs2_stat.c b/sys/i386/ibcs2/ibcs2_stat.c index 74f8f7c92c4c..33bf8c25cce2 100644 --- a/sys/i386/ibcs2/ibcs2_stat.c +++ b/sys/i386/ibcs2/ibcs2_stat.c @@ -83,6 +83,10 @@ cvt_statfs(sp, buf, len) { struct ibcs2_statfs ssfs; + if (len < 0) + return (EINVAL); + else if (len > sizeof(ssfs)) + len = sizeof(ssfs); bzero(&ssfs, sizeof ssfs); ssfs.f_fstyp = 0; ssfs.f_bsize = sp->f_bsize; |