diff options
| author | Miod Vallat <miod@cvs.openbsd.org> | 2006-01-19 23:54:42 +0000 |
|---|---|---|
| committer | Miod Vallat <miod@cvs.openbsd.org> | 2006-01-19 23:54:42 +0000 |
| commit | bb9bc5f38e905964c1510cb74dcd43bbb8c821f4 (patch) | |
| tree | f7dbfd61b8a1c93a2dc83aaf918ef95637f2b926 /sys/arch/hp300 | |
| parent | 2b3e1f229e47026124bf8b7acf3efc3be6bafc02 (diff) | |
Bounds check PPIIOCSSEC argument, for a carefully choosen invalid value
could cause any ppi transfer to freeze the bus.
Diffstat (limited to 'sys/arch/hp300')
| -rw-r--r-- | sys/arch/hp300/dev/ppi.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/sys/arch/hp300/dev/ppi.c b/sys/arch/hp300/dev/ppi.c index 809af68dd58..60b42b0770d 100644 --- a/sys/arch/hp300/dev/ppi.c +++ b/sys/arch/hp300/dev/ppi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ppi.c,v 1.14 2005/11/14 19:23:40 miod Exp $ */ +/* $OpenBSD: ppi.c,v 1.15 2006/01/19 23:54:41 miod Exp $ */ /* $NetBSD: ppi.c,v 1.13 1997/04/02 22:37:33 scottr Exp $ */ /* @@ -434,6 +434,7 @@ ppiioctl(dev, cmd, data, flag, p) { struct ppi_softc *sc = ppi_cd.cd_devs[UNIT(dev)]; struct ppiparam *pp, *upp; + int tmp; int error = 0; switch (cmd) { @@ -455,10 +456,14 @@ ppiioctl(dev, cmd, data, flag, p) pp->delay = ppimstohz(upp->delay); break; case PPIIOCSSEC: - sc->sc_sec = *(int *)data; + tmp = *(int *)data; + if (tmp == -1 || (tmp >= 0 && tmp <= 0x1f)) + sc->sc_sec = tmp; + else + error = EINVAL; break; default: - return(EINVAL); + return (ENOTTY); } return (error); } |