diff options
| author | Constantine Sapuntzakis <csapuntz@cvs.openbsd.org> | 2001-10-02 17:21:03 +0000 |
|---|---|---|
| committer | Constantine Sapuntzakis <csapuntz@cvs.openbsd.org> | 2001-10-02 17:21:03 +0000 |
| commit | 841756b7892fafbdbf3c0656d51bc142831e4f6d (patch) | |
| tree | 03f624b667ddb8f58ea6651559848bee595d3eb1 | |
| parent | 11336ca1e1d6e4bf4e5899297e63adc77d797994 (diff) | |
Bounds check index into routing table. Thanks to Ken Ashcraft of Stanford
for finding this bug.
| -rw-r--r-- | sys/kern/vfs_subr.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index 368a42aca2f..588d6988b1e 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_subr.c,v 1.67 2001/09/19 22:52:41 csapuntz Exp $ */ +/* $OpenBSD: vfs_subr.c,v 1.68 2001/10/02 17:21:02 csapuntz Exp $ */ /* $NetBSD: vfs_subr.c,v 1.53 1996/04/22 01:39:13 christos Exp $ */ /* @@ -1533,6 +1533,10 @@ vfs_hang_addrlist(mp, nep, argp) smask->sa_len = argp->ex_masklen; } i = saddr->sa_family; + if (i < 0 || i > AF_MAX) { + error = EINVAL; + goto out; + } if ((rnh = nep->ne_rtable[i]) == 0) { /* * Seems silly to initialize every AF when most are not |