diff options
| author | mav <mav@FreeBSD.org> | 2017-01-21 08:15:51 +0000 |
|---|---|---|
| committer | mav <mav@FreeBSD.org> | 2017-01-21 08:15:51 +0000 |
| commit | c913ce39427c6fb7c1fcb1b734f3ba7e4a26455c (patch) | |
| tree | af4a96583b68416e606bb3715311fec2653d45da /sbin | |
| parent | fc8dfdcd7aea5190b91223c5cb9e5f327ca83ae3 (diff) | |
| download | FreeBSD-src-c913ce39427c6fb7c1fcb1b734f3ba7e4a26455c.zip FreeBSD-src-c913ce39427c6fb7c1fcb1b734f3ba7e4a26455c.tar.gz | |
MFC r311623: Make do_buff_decode() not read past the end of the buffer.
Abort format processing as soon as we have no enough data.
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/camcontrol/modeedit.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sbin/camcontrol/modeedit.c b/sbin/camcontrol/modeedit.c index 8262c3c..c98e0c5 100644 --- a/sbin/camcontrol/modeedit.c +++ b/sbin/camcontrol/modeedit.c @@ -193,7 +193,14 @@ editentry_save(void *hook __unused, char *name) struct editentry *src; /* Entry value to save. */ src = editentry_lookup(name); - assert(src != NULL); + if (src == 0) { + /* + * This happens if field does not fit into read page size. + * It also means that this field won't be written, so the + * returned value does not really matter. + */ + return (0); + } switch (src->type) { case 'i': /* Byte-sized integral type. */ |
