upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-04-14 13:57:02 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Take into account possible overflow when multiplying. The casuality is

Browse source 
the malloc call later, panicing kernel due to the oversized allocation.

Reported by:	pho
Reviewed by:	jeff
This commit is contained in:
Konstantin Belousov 2008-05-26 10:01:13 +00:00
parent 454f3b9249
commit 887aedc64e
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/kern/kern_cpuset.c
View file

@ -805,7 +805,7 @@ cpuset_getaffinity(struct thread *td, struct cpuset_getaffinity_args *uap)
size_t size;
if (uap->cpusetsize < sizeof(cpuset_t) ||
uap->cpusetsize * NBBY > CPU_MAXSIZE)
uap->cpusetsize > CPU_MAXSIZE / NBBY)
return (ERANGE);
size = uap->cpusetsize;
mask = malloc(size, M_TEMP, M_WAITOK | M_ZERO);
@ -892,7 +892,7 @@ cpuset_setaffinity(struct thread *td, struct cpuset_setaffinity_args *uap)
int error;
if (uap->cpusetsize < sizeof(cpuset_t) ||
uap->cpusetsize * NBBY > CPU_MAXSIZE)
uap->cpusetsize > CPU_MAXSIZE / NBBY)
return (ERANGE);
mask = malloc(uap->cpusetsize, M_TEMP, M_WAITOK | M_ZERO);
error = copyin(uap->mask, mask, uap->cpusetsize);