From 0e5948bb6b0fbb263d335c9fa1c7301047de8217 Mon Sep 17 00:00:00 2001 From: rwatson Date: Mon, 29 Sep 2003 18:35:17 +0000 Subject: If the struct mac copied into the kernel has a negative length, return EINVAL rather than failing the following malloc due to the value being too large. --- sys/security/mac/mac_syscalls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sys/security/mac/mac_syscalls.c') diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 700b029..db3ade9 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -1176,7 +1176,8 @@ static int mac_check_structmac_consistent(struct mac *mac) { - if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN) + if (mac->m_buflen < 0 || + mac->m_buflen > MAC_MAX_LABEL_BUF_LEN) return (EINVAL); return (0); -- cgit v1.1