Module Name: src
Committed By: snj
Date: Wed Aug 9 05:27:14 UTC 2017
Modified Files:
src/sys/netsmb [netbsd-8]: smb_dev.c smb_subr.c smb_subr.h smb_usr.c
Log Message:
Pull up following revision(s) (requested by spz in ticket #197):
sys/netsmb/smb_dev.c: revision 1.50
sys/netsmb/smb_subr.c: revision 1.38
sys/netsmb/smb_subr.h: revision 1.22
sys/netsmb/smb_usr.c: revision 1.17-1.19
Reject allocations for too-small buffers from userland.
>From Ilja Van Sprundel.
--
Plug another overflow: refuse bogus sa_len from user.
--
Reject negative ioc_setupcnt.
--
Reject negative offset/count for smb read/write.
Not clear that this is actually a problem for the kernel -- might
overwrite user's buffers or return garbage to user, but that's their
own damn fault. But it's hard to imagine that negative offset/count
ever makes sense, and I haven't ruled out a problem for the kernel.
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.49.8.1 src/sys/netsmb/smb_dev.c
cvs rdiff -u -r1.37 -r1.37.12.1 src/sys/netsmb/smb_subr.c
cvs rdiff -u -r1.21 -r1.21.32.1 src/sys/netsmb/smb_subr.h
cvs rdiff -u -r1.16 -r1.16.56.1 src/sys/netsmb/smb_usr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
