Correct a signedness bug which allowed members of the operator

group to read kernel memory. Security: FreeBSD-SA-06:25.kmem
author: cperciva <cperciva@FreeBSD.org> 2006-12-06 09:13:51 +0000
committer: cperciva <cperciva@FreeBSD.org> 2006-12-06 09:13:51 +0000
commit: d8a0af2579fffb39a23b2a1113ed580e8c80a2a3 (patch)
tree: e6d0f5e4704f8a07327592eae9fc4554224bc923 /sys/dev
parent: 948c671f4acdf2360200fff8a5c750a87ba86e1a (diff)
download: FreeBSD-src-d8a0af2579fffb39a23b2a1113ed580e8c80a2a3.zip
FreeBSD-src-d8a0af2579fffb39a23b2a1113ed580e8c80a2a3.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/dev/firewire/fwdev.c b/sys/dev/firewire/fwdev.c
index e42c30a..5b46190 100644
--- a/sys/dev/firewire/fwdev.c
+++ b/sys/dev/firewire/fwdev.c
@@ -712,7 +712,7 @@ out:
 			else
 				len = fwdev->rommax - CSRROMOFF + 4;
 		}
-		if (crom_buf->len < len)
+		if (crom_buf->len < len && crom_buf->len >= 0)
 			len = crom_buf->len;
 		else
 			crom_buf->len = len;
author	cperciva <cperciva@FreeBSD.org>	2006-12-06 09:13:51 +0000
committer	cperciva <cperciva@FreeBSD.org>	2006-12-06 09:13:51 +0000
commit	d8a0af2579fffb39a23b2a1113ed580e8c80a2a3 (patch)
tree	e6d0f5e4704f8a07327592eae9fc4554224bc923 /sys/dev
parent	948c671f4acdf2360200fff8a5c750a87ba86e1a (diff)
download	FreeBSD-src-d8a0af2579fffb39a23b2a1113ed580e8c80a2a3.zip FreeBSD-src-d8a0af2579fffb39a23b2a1113ed580e8c80a2a3.tar.gz