diff options
author | rwatson <rwatson@FreeBSD.org> | 2003-09-29 18:35:17 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2003-09-29 18:35:17 +0000 |
commit | 0e5948bb6b0fbb263d335c9fa1c7301047de8217 (patch) | |
tree | 47c1481436e72b7588b2964c34c6203146488293 /sys/security/mac/mac_process.c | |
parent | c12469c474767a03439e4c2177fe4ba934ad24db (diff) | |
download | FreeBSD-src-0e5948bb6b0fbb263d335c9fa1c7301047de8217.zip FreeBSD-src-0e5948bb6b0fbb263d335c9fa1c7301047de8217.tar.gz |
If the struct mac copied into the kernel has a negative length, return
EINVAL rather than failing the following malloc due to the value being
too large.
Diffstat (limited to 'sys/security/mac/mac_process.c')
-rw-r--r-- | sys/security/mac/mac_process.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index 700b029..db3ade9 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -1176,7 +1176,8 @@ static int mac_check_structmac_consistent(struct mac *mac) { - if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN) + if (mac->m_buflen < 0 || + mac->m_buflen > MAC_MAX_LABEL_BUF_LEN) return (EINVAL); return (0); |