Module Name: src
Committed By: msaitoh
Date: Mon Jul 14 06:33:55 UTC 2014
Modified Files:
src/sys/kern [netbsd-6-0]: sys_module.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1098):
sys/kern/sys_module.c: revision 1.15
Fix a user-controlled memory allocation. kmem_alloc(0) will panic the system.
ok christos@
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.13.12.1 src/sys/kern/sys_module.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/sys_module.c
diff -u src/sys/kern/sys_module.c:1.13 src/sys/kern/sys_module.c:1.13.12.1
--- src/sys/kern/sys_module.c:1.13 Fri Jul 8 09:32:45 2011
+++ src/sys/kern/sys_module.c Mon Jul 14 06:33:55 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_module.c,v 1.13 2011/07/08 09:32:45 mrg Exp $ */
+/* $NetBSD: sys_module.c,v 1.13.12.1 2014/07/14 06:33:55 msaitoh Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_module.c,v 1.13 2011/07/08 09:32:45 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_module.c,v 1.13.12.1 2014/07/14 06:33:55 msaitoh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -43,6 +43,11 @@ __KERNEL_RCSID(0, "$NetBSD: sys_module.c
#include <sys/syscall.h>
#include <sys/syscallargs.h>
+/*
+ * Arbitrary limit to avoid DoS for excessive memory allocation.
+ */
+#define MAXPROPSLEN 4096
+
static int
handle_modctl_load(modctl_load_t *ml)
{
@@ -64,7 +69,12 @@ handle_modctl_load(modctl_load_t *ml)
goto out2;
if (ml->ml_props != NULL) {
+ if (ml->ml_propslen > MAXPROPSLEN) {
+ error = ENOMEM;
+ goto out2;
+ }
propslen = ml->ml_propslen + 1;
+
props = (char *)kmem_alloc(propslen, KM_SLEEP);
if (props == NULL) {
error = ENOMEM;
