aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2002-07-31 13:19:08 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-07-31 13:19:08 +0000
commitcc28de199bcb21043132c8e7fbdc94d2291802ab (patch)
tree53252f50a02b3599ad1461e7d0c27d4921277920
parent49246eb4017e87c09c3039b6ad745a5a1c0bb73e (diff)
downloadsrc-cc28de199bcb21043132c8e7fbdc94d2291802ab.tar.gz
src-cc28de199bcb21043132c8e7fbdc94d2291802ab.zip
MFC lib/libc/xdr/xdr_array.c 1.11: Patch to fix bounds checking/overflow.
Notes
Notes: svn path=/releng/4.4/; revision=101051
-rw-r--r--UPDATING5
-rw-r--r--lib/libc/xdr/xdr_array.c7
-rw-r--r--sys/conf/newvers.sh2
3 files changed, 9 insertions, 5 deletions
diff --git a/UPDATING b/UPDATING
index a30a1cdf81c8..8055a0d2b3fb 100644
--- a/UPDATING
+++ b/UPDATING
@@ -10,7 +10,7 @@ Release.
This is for the 4.4 release branch. All entries since 4.4 are an
itemized list of commits to this branch, numbered from the beginning.
-By this count, we're at 4.4-RELEASE-p18.
+By this count, we're at 4.4-RELEASE-p19.
The security advisories related to various patches contain information
on how to build/install a minimal set of binaries and start/stop a
@@ -18,6 +18,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20020731: p19
+ A bounds checking error in the XDR decoder was corrected.
+
20020730: p18 FreeBSD-SA-02:32.pppd
A race condition in pppd(8) was corrected.
diff --git a/lib/libc/xdr/xdr_array.c b/lib/libc/xdr/xdr_array.c
index b7d36fea5ca3..7fb0552326d3 100644
--- a/lib/libc/xdr/xdr_array.c
+++ b/lib/libc/xdr/xdr_array.c
@@ -73,11 +73,12 @@ xdr_array(xdrs, addrp, sizep, maxsize, elsize, elproc)
register u_int nodesize;
/* like strings, arrays are really counted arrays */
- if (! xdr_u_int(xdrs, sizep)) {
+ if (!xdr_u_int(xdrs, sizep)) {
return (FALSE);
}
c = *sizep;
- if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) {
+ if ((c > maxsize && UINT_MAX/elsize < c) &&
+ (xdrs->x_op != XDR_FREE)) {
return (FALSE);
}
nodesize = c * elsize;
@@ -145,7 +146,7 @@ xdr_vector(xdrs, basep, nelem, elemsize, xdr_elem)
elptr = basep;
for (i = 0; i < nelem; i++) {
- if (! (*xdr_elem)(xdrs, elptr, LASTUNSIGNED)) {
+ if (!(*xdr_elem)(xdrs, elptr, LASTUNSIGNED)) {
return(FALSE);
}
elptr += elemsize;
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 34bcdc41987d..bf8ee16ce23d 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.4"
-BRANCH="RELEASE-p18"
+BRANCH="RELEASE-p19"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"