diff options
author | Michael Shalayeff <mickey@cvs.openbsd.org> | 2006-07-20 15:42:10 +0000 |
---|---|---|
committer | Michael Shalayeff <mickey@cvs.openbsd.org> | 2006-07-20 15:42:10 +0000 |
commit | 85f5ff8ea1d2e32abd16921ba5a0caa9878efa0b (patch) | |
tree | 5579532b160a527f8d321abca1dc89f0f20284b9 /sys | |
parent | 410dfca66ed939ab879c4f83d6287dc45e1cd5e5 (diff) |
do some range checking on ccio passed from user; pt out by ramrunner@gmail.com
Diffstat (limited to 'sys')
-rw-r--r-- | sys/dev/ccd.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/dev/ccd.c b/sys/dev/ccd.c index 7a309e12a63..a702ae895f5 100644 --- a/sys/dev/ccd.c +++ b/sys/dev/ccd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ccd.c,v 1.64 2006/01/09 12:43:16 pedro Exp $ */ +/* $OpenBSD: ccd.c,v 1.65 2006/07/20 15:42:09 mickey Exp $ */ /* $NetBSD: ccd.c,v 1.33 1996/05/05 04:21:14 thorpej Exp $ */ /*- @@ -1151,6 +1151,10 @@ ccdioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p) if (cs->sc_flags & CCDF_INITED) return (EBUSY); + if (ccio->ccio_ndisks == 0 || ccio->ccio_ndisks > INT_MAX || + ccio->ccio_ileave <= 0 || ccio->ccio_ileave > INT_MAX) + return (EINVAL); + if ((error = ccdlock(cs)) != 0) return (error); |