ng_parse: disallow negative length for malloc

This is an interim robustness improvement; further improvements as
described in the PR and/or Phabricator review are still needed.

PR:		267334
Reported by:	Robert Morris <rtm@lcs.mit.edu>
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D37229
Ed Maste 2022-11-01 10:01:29 -04:00
parent 169e23d41f
commit ae4f39464c

@ -1207,6 +1207,8 @@ ng_parse_composite(const struct ng_parse_type *type, const char *s,
int align, len, blen, error = 0;
/* Initialize */
if (num < 0)
return (EINVAL);
foff = malloc(num * sizeof(*foff), M_NETGRAPH_PARSE, M_NOWAIT | M_ZERO);
if (foff == NULL) {
error = ENOMEM;
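
Review bot: the new `if (num < 0)` check bounds `num` only from below, so a large positive `num` still flows into `num * sizeof(*foff)` and an `M_NOWAIT | M_ZERO` allocation of that size. Consider also rejecting values above a sane maximum for the type (returning EINVAL as here) before the malloc. A one-line comment on the check saying how `num` can end up negative would also help, since the `/* Initialize */` comment it sits under does not describe input validation, and the commit message notes that further work is still pending.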