Module Name: src Committed By: snj Date: Sat Aug 19 04:44:54 UTC 2017
Modified Files: src/sys/netsmb [netbsd-6-1]: smb_dev.c smb_subr.c smb_subr.h smb_usr.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1487): sys/netsmb/smb_dev.c: 1.50 sys/netsmb/smb_subr.c: 1.38 sys/netsmb/smb_subr.h: 1.22 sys/netsmb/smb_usr.c: 1.17-1.19 Reject allocations for too-small buffers from userland. >From Ilja Van Sprundel. -- Plug another overflow: refuse bogus sa_len from user. -- Reject negative ioc_setupcnt. -- Reject negative offset/count for smb read/write. Not clear that this is actually a problem for the kernel -- might overwrite user's buffers or return garbage to user, but that's their own damn fault. But it's hard to imagine that negative offset/count ever makes sense, and I haven't ruled out a problem for the kernel. To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.39.20.1 src/sys/netsmb/smb_dev.c cvs rdiff -u -r1.36 -r1.36.22.1 src/sys/netsmb/smb_subr.c cvs rdiff -u -r1.20 -r1.20.20.1 src/sys/netsmb/smb_subr.h cvs rdiff -u -r1.16 -r1.16.32.1 src/sys/netsmb/smb_usr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.