summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsbruno <sbruno@FreeBSD.org>2016-07-22 03:09:47 +0000
committersbruno <sbruno@FreeBSD.org>2016-07-22 03:09:47 +0000
commitd26ee5186f346d81c40513713215d140ffa3a30f (patch)
treee20a8c2d2b629ad358b7ddb699a83e0d6a48566d
parent12a626dd41e19152d56e21bc82f39feb921c3cfb (diff)
downloadFreeBSD-src-d26ee5186f346d81c40513713215d140ffa3a30f.zip
FreeBSD-src-d26ee5186f346d81c40513713215d140ffa3a30f.tar.gz
MFC r298351
Avoid a possible heap overflow in our nlm code by limiting the number of service to the arbitrary value of 256. Log an appropriate message that indicates the hard limit.
-rw-r--r--sys/nlm/nlm_prot_impl.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/nlm/nlm_prot_impl.c b/sys/nlm/nlm_prot_impl.c
index 74fae87..915538b 100644
--- a/sys/nlm/nlm_prot_impl.c
+++ b/sys/nlm/nlm_prot_impl.c
@@ -1439,6 +1439,12 @@ nlm_register_services(SVCPOOL *pool, int addr_count, char **addrs)
return (EINVAL);
}
+ if (addr_count < 0 || addr_count > 256 ) {
+ NLM_ERR("NLM: too many service addresses (%d) given, "
+ "max 256 - can't start server\n", addr_count);
+ return (EINVAL);
+ }
+
xprts = malloc(addr_count * sizeof(SVCXPRT *), M_NLM, M_WAITOK|M_ZERO);
for (i = 0; i < version_count; i++) {
for (j = 0; j < addr_count; j++) {
OpenPOWER on IntegriCloud