diff options
| author | nectar <nectar@FreeBSD.org> | 2003-08-10 23:26:16 +0000 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2003-08-10 23:26:16 +0000 |
| commit | f9f13dbaf0fd714b1af49838c48e2144670d8da8 (patch) | |
| tree | 859643fef9b892ed99afca109691bd6fce3e7200 /sys/i386/ibcs2 | |
| parent | 78ff87db8b921ed26b987d884f8c68357c85569e (diff) | |
| download | FreeBSD-src-f9f13dbaf0fd714b1af49838c48e2144670d8da8.zip FreeBSD-src-f9f13dbaf0fd714b1af49838c48e2144670d8da8.tar.gz | |
The iBCS2 system call translator for statfs(2) did not check the
length parameter for validity.
Submitted by: David Rhodus <drhodus@catpa.com>
Diffstat (limited to 'sys/i386/ibcs2')
| -rw-r--r-- | sys/i386/ibcs2/ibcs2_stat.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/i386/ibcs2/ibcs2_stat.c b/sys/i386/ibcs2/ibcs2_stat.c index 74f8f7c..33bf8c2 100644 --- a/sys/i386/ibcs2/ibcs2_stat.c +++ b/sys/i386/ibcs2/ibcs2_stat.c @@ -83,6 +83,10 @@ cvt_statfs(sp, buf, len) { struct ibcs2_statfs ssfs; + if (len < 0) + return (EINVAL); + else if (len > sizeof(ssfs)) + len = sizeof(ssfs); bzero(&ssfs, sizeof ssfs); ssfs.f_fstyp = 0; ssfs.f_bsize = sp->f_bsize; |
