Module Name: src Committed By: msaitoh Date: Mon Jul 14 09:08:42 UTC 2014
Modified Files: src/sys/kern [netbsd-5]: sys_module.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1914): sys/kern/sys_module.c: revision 1.15 via patch Fix a user-controlled memory allocation. kmem_alloc(0) will panic the system. ok christos@ To generate a diff of this commit: cvs rdiff -u -r1.8.4.1 -r1.8.4.2 src/sys/kern/sys_module.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/sys_module.c diff -u src/sys/kern/sys_module.c:1.8.4.1 src/sys/kern/sys_module.c:1.8.4.2 --- src/sys/kern/sys_module.c:1.8.4.1 Sun May 3 13:07:39 2009 +++ src/sys/kern/sys_module.c Mon Jul 14 09:08:42 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_module.c,v 1.8.4.1 2009/05/03 13:07:39 bouyer Exp $ */ +/* $NetBSD: sys_module.c,v 1.8.4.2 2014/07/14 09:08:42 msaitoh Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -31,7 +31,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: sys_module.c,v 1.8.4.1 2009/05/03 13:07:39 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sys_module.c,v 1.8.4.2 2014/07/14 09:08:42 msaitoh Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -43,6 +43,11 @@ __KERNEL_RCSID(0, "$NetBSD: sys_module.c #include <sys/syscall.h> #include <sys/syscallargs.h> +/* + * Arbitrary limit to avoid DoS for excessive memory allocation. + */ +#define MAXPROPSLEN 4096 + static int handle_modctl_load(modctl_load_t *ml) { @@ -63,6 +68,11 @@ handle_modctl_load(modctl_load_t *ml) if (error != 0) goto out2; + if (ml->ml_propslen > MAXPROPSLEN) { + error = ENOMEM; + goto out2; + } + propslen = ml->ml_propslen + 1; props = (char *)kmem_alloc(propslen, KM_SLEEP); if (props == NULL) {