Validate the buffer and its length passed to QLA_MPI_DUMP.

Copy out the dump only if qls_mpi_core_dump() is successful.
(I would like to credit x90c for pointing out the issue.)
Submitted by:David C Somayajulu
David C Somayajulu 2013-11-15 01:44:58 +00:00
parent c12c5bfbe1
commit 280c10eba5
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=258156


@ -100,13 +100,16 @@ qls_eioctl(struct cdev *dev, u_long cmd, caddr_t data, int fflag,
if (mpi_dump->size == 0) { if (mpi_dump->size == 0) {
mpi_dump->size = sizeof (qls_mpi_coredump_t); mpi_dump->size = sizeof (qls_mpi_coredump_t);
} else { } else {
if (mpi_dump->size < sizeof (qls_mpi_coredump_t)) if ((mpi_dump->size != sizeof (qls_mpi_coredump_t)) ||
(mpi_dump->dbuf == NULL))
rval = EINVAL; rval = EINVAL;
else { else {
qls_mpi_core_dump(ha); if (qls_mpi_core_dump(ha) == 0) {
rval = copyout( &ql_mpi_coredump, rval = copyout(&ql_mpi_coredump,
mpi_dump->dbuf, mpi_dump->dbuf,
mpi_dump->size); mpi_dump->size);
} else
rval = ENXIO;
if (rval) { if (rval) {
device_printf(ha->pci_dev, device_printf(ha->pci_dev,