MFC r298351

Avoid a possible heap overflow in our nlm code by limiting the number of service to the arbitrary value of 256. Log an appropriate message that indicates the hard limit.
author: sbruno <sbruno@FreeBSD.org> 2016-07-22 03:09:47 +0000
committer: sbruno <sbruno@FreeBSD.org> 2016-07-22 03:09:47 +0000
commit: d26ee5186f346d81c40513713215d140ffa3a30f (patch)
tree: e20a8c2d2b629ad358b7ddb699a83e0d6a48566d
parent: 12a626dd41e19152d56e21bc82f39feb921c3cfb (diff)
download: FreeBSD-src-d26ee5186f346d81c40513713215d140ffa3a30f.zip
FreeBSD-src-d26ee5186f346d81c40513713215d140ffa3a30f.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/nlm/nlm_prot_impl.c b/sys/nlm/nlm_prot_impl.c
index 74fae87..915538b 100644
--- a/sys/nlm/nlm_prot_impl.c
+++ b/sys/nlm/nlm_prot_impl.c
@@ -1439,6 +1439,12 @@ nlm_register_services(SVCPOOL *pool, int addr_count, char **addrs)
 		return (EINVAL);
 	}
 
+	if (addr_count < 0 || addr_count > 256 ) {
+		NLM_ERR("NLM:  too many service addresses (%d) given, "
+		    "max 256 - can't start server\n", addr_count);
+		return (EINVAL);
+	}
+
 	xprts = malloc(addr_count * sizeof(SVCXPRT *), M_NLM, M_WAITOK|M_ZERO);
 	for (i = 0; i < version_count; i++) {
 		for (j = 0; j < addr_count; j++) {
author	sbruno <sbruno@FreeBSD.org>	2016-07-22 03:09:47 +0000
committer	sbruno <sbruno@FreeBSD.org>	2016-07-22 03:09:47 +0000
commit	d26ee5186f346d81c40513713215d140ffa3a30f (patch)
tree	e20a8c2d2b629ad358b7ddb699a83e0d6a48566d
parent	12a626dd41e19152d56e21bc82f39feb921c3cfb (diff)
download	FreeBSD-src-d26ee5186f346d81c40513713215d140ffa3a30f.zip FreeBSD-src-d26ee5186f346d81c40513713215d140ffa3a30f.tar.gz