summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys/kern/kern_mac.c3
-rw-r--r--sys/security/mac/mac_framework.c3
-rw-r--r--sys/security/mac/mac_internal.h3
-rw-r--r--sys/security/mac/mac_net.c3
-rw-r--r--sys/security/mac/mac_pipe.c3
-rw-r--r--sys/security/mac/mac_process.c3
-rw-r--r--sys/security/mac/mac_syscalls.c3
-rw-r--r--sys/security/mac/mac_system.c3
-rw-r--r--sys/security/mac/mac_vfs.c3
9 files changed, 18 insertions, 9 deletions
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c
index 700b029..db3ade9 100644
--- a/sys/kern/kern_mac.c
+++ b/sys/kern/kern_mac.c
@@ -1176,7 +1176,8 @@ static int
mac_check_structmac_consistent(struct mac *mac)
{
- if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
+ if (mac->m_buflen < 0 ||
+ mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
return (EINVAL);
return (0);
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index 700b029..db3ade9 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -1176,7 +1176,8 @@ static int
mac_check_structmac_consistent(struct mac *mac)
{
- if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
+ if (mac->m_buflen < 0 ||
+ mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
return (EINVAL);
return (0);
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index 700b029..db3ade9 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -1176,7 +1176,8 @@ static int
mac_check_structmac_consistent(struct mac *mac)
{
- if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
+ if (mac->m_buflen < 0 ||
+ mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
return (EINVAL);
return (0);
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index 700b029..db3ade9 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -1176,7 +1176,8 @@ static int
mac_check_structmac_consistent(struct mac *mac)
{
- if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
+ if (mac->m_buflen < 0 ||
+ mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
return (EINVAL);
return (0);
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index 700b029..db3ade9 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -1176,7 +1176,8 @@ static int
mac_check_structmac_consistent(struct mac *mac)
{
- if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
+ if (mac->m_buflen < 0 ||
+ mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
return (EINVAL);
return (0);
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index 700b029..db3ade9 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -1176,7 +1176,8 @@ static int
mac_check_structmac_consistent(struct mac *mac)
{
- if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
+ if (mac->m_buflen < 0 ||
+ mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
return (EINVAL);
return (0);
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index 700b029..db3ade9 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -1176,7 +1176,8 @@ static int
mac_check_structmac_consistent(struct mac *mac)
{
- if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
+ if (mac->m_buflen < 0 ||
+ mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
return (EINVAL);
return (0);
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index 700b029..db3ade9 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -1176,7 +1176,8 @@ static int
mac_check_structmac_consistent(struct mac *mac)
{
- if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
+ if (mac->m_buflen < 0 ||
+ mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
return (EINVAL);
return (0);
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index 700b029..db3ade9 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -1176,7 +1176,8 @@ static int
mac_check_structmac_consistent(struct mac *mac)
{
- if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
+ if (mac->m_buflen < 0 ||
+ mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
return (EINVAL);
return (0);
OpenPOWER on IntegriCloud