---
- branch: netbsd-6
  date: Sat Aug 19 04:44:56 UTC 2017
  files:
  - new: 1.39.14.1
    old: '1.39'
    path: src/sys/netsmb/smb_dev.c
    pathrev: src/sys/netsmb/smb_dev.c@1.39.14.1
    type: modified
  - new: 1.36.8.1
    old: '1.36'
    path: src/sys/netsmb/smb_subr.c
    pathrev: src/sys/netsmb/smb_subr.c@1.36.8.1
    type: modified
  - new: 1.20.14.1
    old: '1.20'
    path: src/sys/netsmb/smb_subr.h
    pathrev: src/sys/netsmb/smb_subr.h@1.20.14.1
    type: modified
  - new: 1.16.18.1
    old: '1.16'
    path: src/sys/netsmb/smb_usr.c
    pathrev: src/sys/netsmb/smb_usr.c@1.16.18.1
    type: modified
  id: 20170819T044456Z.82b2f5165d211a1c065629f0491e6ced02ef055c
  log: "Pull up following revision(s) (requested by mrg in ticket #1487):\n\tsys/netsmb/smb_dev.c: 1.50\n\tsys/netsmb/smb_subr.c: 1.38\n\tsys/netsmb/smb_subr.h: 1.22\n\tsys/netsmb/smb_usr.c: 1.17-1.19\nReject allocations for too-small buffers from userland.\nFrom Ilja Van Sprundel.\n--\nPlug another overflow: refuse bogus sa_len from user.\n--\nReject negative ioc_setupcnt.\n--\nReject negative offset/count for smb read/write.\nNot clear that this is actually a problem for the kernel -- might\noverwrite user's buffers or return garbage to user, but that's their\nown damn fault. But it's hard to imagine that negative offset/count\never makes sense, and I haven't ruled out a problem for the kernel.\n"
  module: src
  subject: 'CVS commit: [netbsd-6] src/sys/netsmb'
  unixtime: '1503117896'
  user: snj