diff options
author | trasz <trasz@FreeBSD.org> | 2016-03-31 17:00:47 +0000 |
---|---|---|
committer | trasz <trasz@FreeBSD.org> | 2016-03-31 17:00:47 +0000 |
commit | 1191e723226364d278286525dd91e07dc3941f7b (patch) | |
tree | 07fd8077151335471d31f3e9c16079b1c8190ecf /sys/kern | |
parent | f2f9534e13740deb0af6a242fcd503d91ec10582 (diff) | |
download | FreeBSD-src-1191e723226364d278286525dd91e07dc3941f7b.zip FreeBSD-src-1191e723226364d278286525dd91e07dc3941f7b.tar.gz |
Fix overflows, making it impossible to add negative amounts using rctl(8).
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_rctl.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/kern/kern_rctl.c b/sys/kern/kern_rctl.c index b0d3fd6..6edeb82 100644 --- a/sys/kern/kern_rctl.c +++ b/sys/kern/kern_rctl.c @@ -642,6 +642,9 @@ str2int64(const char *str, int64_t *value) if ((size_t)(end - str) != strlen(str)) return (EINVAL); + if (*value < 0) + return (ERANGE); + return (0); } @@ -1008,8 +1011,13 @@ rctl_string_to_rule(char *rulestr, struct rctl_rule **rulep) error = str2int64(amountstr, &rule->rr_amount); if (error != 0) goto out; - if (RACCT_IS_IN_MILLIONS(rule->rr_resource)) + if (RACCT_IS_IN_MILLIONS(rule->rr_resource)) { + if (rule->rr_amount > INT64_MAX / 1000000) { + error = ERANGE; + goto out; + } rule->rr_amount *= 1000000; + } } if (perstr == NULL || perstr[0] == '\0') |