| author | Colin Percival <cperciva@FreeBSD.org> | 2006-12-06 09:18:02 +0000 |
|---|---|---|
| committer | Colin Percival <cperciva@FreeBSD.org> | 2006-12-06 09:18:02 +0000 |
| commit | bd1be22e3c9cf62f60c784c402390b821441a344 (patch) | |
| tree | a4cc7838e72842fea0c62cb11241506f9ba3b43f /sys/dev/firewire/fwdev.c | |
| parent | c86ddc159169e05b81ff2b0c5b81e698a4ecf6c8 (diff) | |
Correct a signedness bug which allowed members of the operator
group to read kernel memory. [1]
Disable handling of GNUTYPE_NAMES tar file entries by default,
since they can be used to extract files outside of the cwd. [2]
Security: FreeBSD-SA-06:25.kmem [1]
Security: FreeBSD-SA-06:26.gtar [2]
Approved by: so (cperciva)
Notes:
svn path=/releng/4.11/; revision=164944
Diffstat (limited to 'sys/dev/firewire/fwdev.c')
| -rw-r--r-- | sys/dev/firewire/fwdev.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/dev/firewire/fwdev.c b/sys/dev/firewire/fwdev.c index ae736c2969ba..f8789ec6f60f 100644 --- a/sys/dev/firewire/fwdev.c +++ b/sys/dev/firewire/fwdev.c @@ -704,7 +704,7 @@ out: else len = fwdev->rommax - CSRROMOFF + 4; } - if (crom_buf->len < len) + if (crom_buf->len < len && crom_buf->len >= 0) len = crom_buf->len; else crom_buf->len = len; |
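Review bot: The new `crom_buf->len >= 0` test in `if (crom_buf->len < len && crom_buf->len >= 0)` handles a negative caller-supplied length silently: the request falls through to the `else` branch, where `crom_buf->len = len` overwrites it with the computed length, and the copy then proceeds at full size. Consider rejecting a negative `crom_buf->len` explicitly with an error return before this comparison, or add a comment stating that negative values are deliberately clamped to `len`, because the purpose of the second condition is not evident from the code alone. The declarations of `len` and `crom_buf->len` are outside this hunk, so it is also worth confirming that no later use of either value relies on a signed comparison; making the length field unsigned would remove the need for the extra test.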
