diff options
author | kris <kris@FreeBSD.org> | 2001-09-10 11:28:07 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2001-09-10 11:28:07 +0000 |
commit | bd6f9cb9b63e7a70079067566e50b59abc81ce16 (patch) | |
tree | fd84e8d4d01cdc0f4ba330211093170c75b99172 /sys/i4b/layer4 | |
parent | 335f7eeb6361cc1f5a1fd9251b0f63ef3451f5ba (diff) | |
download | FreeBSD-src-bd6f9cb9b63e7a70079067566e50b59abc81ce16.zip FreeBSD-src-bd6f9cb9b63e7a70079067566e50b59abc81ce16.tar.gz |
Fix some signed/unsigned integer confusion, and add bounds checking of
arguments to some functions.
Obtained from: NetBSD
Reviewed by: peter
MFC after: 2 weeks
Diffstat (limited to 'sys/i4b/layer4')
-rw-r--r-- | sys/i4b/layer4/i4b_i4bdrv.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/i4b/layer4/i4b_i4bdrv.c b/sys/i4b/layer4/i4b_i4bdrv.c index 71c200f..f26adf8 100644 --- a/sys/i4b/layer4/i4b_i4bdrv.c +++ b/sys/i4b/layer4/i4b_i4bdrv.c @@ -859,6 +859,13 @@ download_done: if(req.in_param_len) { + /* XXX arbitrary limit */ + if (req.in_param_len > + I4B_ACTIVE_DIAGNOSTIC_MAXPARAMLEN) { + error = EINVAL; + goto diag_done; + } + req.in_param = malloc(r->in_param_len, M_DEVBUF, M_WAITOK); if(!req.in_param) |