svn commit: r303173 - stable/10/sys/nlm

Sean Bruno Thu, 21 Jul 2016 20:10:25 -0700

Author: sbruno
Date: Fri Jul 22 03:09:47 2016
New Revision: 303173
URL: https://svnweb.freebsd.org/changeset/base/303173


Log:
  MFC r298351
  
  Avoid a possible heap overflow in our nlm code by limiting the number
  of service to the arbitrary value of 256.  Log an appropriate message
  that indicates the hard limit.

Modified:
  stable/10/sys/nlm/nlm_prot_impl.c

Modified: stable/10/sys/nlm/nlm_prot_impl.c
==============================================================================
--- stable/10/sys/nlm/nlm_prot_impl.c   Fri Jul 22 03:03:52 2016        
(r303172)
+++ stable/10/sys/nlm/nlm_prot_impl.c   Fri Jul 22 03:09:47 2016        
(r303173)
@@ -1439,6 +1439,12 @@ nlm_register_services(SVCPOOL *pool, int
                return (EINVAL);
        }
 
+       if (addr_count < 0 || addr_count > 256 ) {
+               NLM_ERR("NLM:  too many service addresses (%d) given, "
+                   "max 256 - can't start server\n", addr_count);
+               return (EINVAL);
+       }
+
        xprts = malloc(addr_count * sizeof(SVCXPRT *), M_NLM, M_WAITOK|M_ZERO);
        for (i = 0; i < version_count; i++) {
                for (j = 0; j < addr_count; j++) {
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r303173 - stable/10/sys/nlm

Reply via email to