mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-15 10:17:20 +00:00
Code Issues Releases Activity

Validate ifc->ifc_len before submitting its incarnation to sbuf_new,

Browse Source 
which will finally lead to kernel panic.

Security:	This prevents a local (root-launched) DoS
Submitted by:	Wojciech A. Koszek [dunstan at freebsd czest pl]
PR:		77421
MFC After:	1 week
This commit is contained in:
Xin LI 2005-02-12 17:51:12 +00:00
parent 3ee4a2a426
commit b0b4b28bf1
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=141749
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/net/if.c
View File

@ -1544,6 +1544,10 @@ ifconf(u_long cmd, caddr_t data)
/* Limit initial buffer size to MAXPHYS to avoid DoS from userspace. */
max_len = MAXPHYS - 1;
/* Prevent hostile input from being able to crash the system */
if (ifc->ifc_len <= 0)
return (EINVAL);
again:
if (ifc->ifc_len <= max_len) {
max_len = ifc->ifc_len;