On Tue, Aug 15, 2017 at 02:40:32PM +0200, Mike Belopuhov wrote: > Hi, > > Coverity has discovered that we're blindly trusting the value > of pfra_type that we read from the userland supplied pfr_addr > and use it to index an array of pools in pfr_create_kentry. > > I suggest to do two things: add a check in pfr_validate_addr > that is called after every copyin and also perform the check > in pfr_create_kentry before we attempt to use the value. > > OK?
ok jsg@