Check whether addr_byte_count is negative. If it is negative, the call to
memcpy() will fail. In that case, return KERN_INVALID_ARGUMENT.
* device/net_io.c (net_getstat): Check if addr_byte_count is negative.
---
device/net_io.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/device/net_io.c b/device/net_io.c
index b3ec292..f437340 100644
--- a/device/net_io.c
+++ b/device/net_io.c
@@ -1404,7 +1404,8 @@ net_getstat(ifp, flavor, status, count)
int addr_int_count;
int i;
- addr_byte_count = ifp->if_address_size;
+ if ((addr_byte_count = ifp->if_address_size) < 0)
+ return KERN_INVALID_ARGUMENT;
addr_int_count = (addr_byte_count + (sizeof(int)-1))
/ sizeof(int);
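Review bot: The new guard on `addr_byte_count` rejects only negative sizes, so whether the memcpy() named in the commit message is also bounded by the caller's `count` depends on code outside this hunk; if no such check follows the `addr_int_count` computation, one should be added before the copy. A negative `int` passed as a memcpy() length is converted to a very large `size_t`, so what the check prevents is an out-of-bounds copy rather than a clean failure, and that deserves a comment such as `/* a negative size would become a huge size_t length in memcpy() */`. The assignment inside the condition is also easy to misread; `addr_byte_count = ifp->if_address_size;` followed by `if (addr_byte_count < 0)` and the `return` reads more plainly. The enclosing block of net_getstat starts before the hunk and continues after it.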
--
1.8.1.4