Marin Ramesa, le Mon 09 Dec 2013 23:57:41 +0100, a écrit :
> Check if addr_byte_count is negative. If it is negative the call to
> memcpy() will fail. In that case return KERN_INVALID_ARGUMENT.
Ditto.
> * device/net_io.c (net_getstat): Check if addr_byte_count is negative.
>
> ---
> device/net_io.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/device/net_io.c b/device/net_io.c
> index b3ec292..f437340 100644
> --- a/device/net_io.c
> +++ b/device/net_io.c
> @@ -1404,7 +1404,8 @@ net_getstat(ifp, flavor, status, count)
> int addr_int_count;
> int i;
>
> - addr_byte_count = ifp->if_address_size;
> + if ((addr_byte_count = ifp->if_address_size) < 0)
> + return KERN_INVALID_ARGUMENT;
> addr_int_count = (addr_byte_count + (sizeof(int)-1))
> / sizeof(int);
>
> --
> 1.8.1.4
>
>
--
Samuel
/*
* Oops. The kernel tried to access some bad page. We'll have to
* terminate things with extreme prejudice.
*/
die_if_kernel("Oops", regs, error_code);
(From linux/arch/i386/mm/fault.c)
