author | pho <pho@FreeBSD.org> | 2012-03-09 21:31:12 +0000 |
---|---|---|
committer | pho <pho@FreeBSD.org> | 2012-03-09 21:31:12 +0000 |
commit | c84e05a07c264e6a9d31253b0dda946c9f94c230 (patch) | |
tree | 06525bf28d8d4985fc96a000b76e7774e154b90c /sys/kern/vfs_syscalls.c | |
parent | 29139aa04089c8746c4b5a4dbc5061d8cb4670db (diff) | |
Perform the parameter validation before assigning it to a signed int
variable. This fixes the problem seen with readdir(3) fuzzing.
Submitted by: bde
MFC after: 1 week
Diffstat (limited to 'sys/kern/vfs_syscalls.c')
-rw-r--r-- | sys/kern/vfs_syscalls.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 1939899..613f30d 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -4153,9 +4153,9 @@ kern_getdirentries(struct thread *td, int fd, char *buf, u_int count,
 int error, eofflag;
 
 AUDIT_ARG_FD(fd);
- auio.uio_resid = count;
- if (auio.uio_resid > IOSIZE_MAX)
+ if (count > IOSIZE_MAX)
 return (EINVAL);
+ auio.uio_resid = count;
 if ((error = getvnode(td->td_proc->p_fd, fd, CAP_READ | CAP_SEEK,
 &fp)) != 0)
 return (error); |
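Review bot: The reordered check `if (count > IOSIZE_MAX)` carries no comment explaining why it must run before `auio.uio_resid = count;`, so a later cleanup could merge the two statements again and bring back the sign problem the commit message describes. I would add above the check: `/* Validate the unsigned count before it is stored in the signed uio_resid. */`. The comparison now depends on how `u_int count` converts against `IOSIZE_MAX`, whose definition is not visible in this hunk; it is worth confirming that it stays an unsigned or wider comparison on every supported ABI. The body of kern_getdirentries starts and ends outside the hunk, so any other use of `count` there is not covered by this review.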