Perform the parameter validation before assigning it to a signed int

variable. This fixes the problem seen with readdir(3) fuzzing. Submitted by: bde MFC after: 1 week
author: pho <pho@FreeBSD.org> 2012-03-09 21:31:12 +0000
committer: pho <pho@FreeBSD.org> 2012-03-09 21:31:12 +0000
commit: c84e05a07c264e6a9d31253b0dda946c9f94c230 (patch)
tree: 06525bf28d8d4985fc96a000b76e7774e154b90c /sys/kern/vfs_syscalls.c
parent: 29139aa04089c8746c4b5a4dbc5061d8cb4670db (diff)
download: FreeBSD-src-c84e05a07c264e6a9d31253b0dda946c9f94c230.zip
FreeBSD-src-c84e05a07c264e6a9d31253b0dda946c9f94c230.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 1939899..613f30d 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -4153,9 +4153,9 @@ kern_getdirentries(struct thread *td, int fd, char *buf, u_int count,
 	int error, eofflag;
 
 	AUDIT_ARG_FD(fd);
-	auio.uio_resid = count;
-	if (auio.uio_resid > IOSIZE_MAX)
+	if (count > IOSIZE_MAX)
 		return (EINVAL);
+	auio.uio_resid = count;
 	if ((error = getvnode(td->td_proc->p_fd, fd, CAP_READ | CAP_SEEK,
 	    &fp)) != 0)
 		return (error);
author	pho <pho@FreeBSD.org>	2012-03-09 21:31:12 +0000
committer	pho <pho@FreeBSD.org>	2012-03-09 21:31:12 +0000
commit	c84e05a07c264e6a9d31253b0dda946c9f94c230 (patch)
tree	06525bf28d8d4985fc96a000b76e7774e154b90c /sys/kern/vfs_syscalls.c
parent	29139aa04089c8746c4b5a4dbc5061d8cb4670db (diff)
download	FreeBSD-src-c84e05a07c264e6a9d31253b0dda946c9f94c230.zip FreeBSD-src-c84e05a07c264e6a9d31253b0dda946c9f94c230.tar.gz