Sat Aug 19 04:17:11 2017 UTC ()
Pull up following revision(s) (requested by mrg in ticket #1482):
	sys/kern/vfs_getcwd.c: revision 1.52
Don't walk off the end of the dirent buffer.
From Ilja Van Sprundel.


(snj)
diff -r1.47 -r1.47.14.1 src/sys/kern/vfs_getcwd.c
cvs diff -r1.47 -r1.47.14.1 src/sys/kern/vfs_getcwd.c (expand / switch to context diff)
--- src/sys/kern/vfs_getcwd.c 2010/11/30 10:30:02 1.47
+++ src/sys/kern/vfs_getcwd.c 2017/08/19 04:17:11 1.47.14.1
@@ -1,4 +1,4 @@
-/* $NetBSD: vfs_getcwd.c,v 1.47 2010/11/30 10:30:02 dholland Exp $ */
+/* $NetBSD: vfs_getcwd.c,v 1.47.14.1 2017/08/19 04:17:11 snj Exp $ */
 
 /*-
  * Copyright (c) 1999 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.47 2010/11/30 10:30:02 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.47.14.1 2017/08/19 04:17:11 snj Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -207,7 +207,8 @@
 				reclen = dp->d_reclen;
 
 				/* check for malformed directory.. */
-				if (reclen < _DIRENT_MINSIZE(dp)) {
+				if (reclen < _DIRENT_MINSIZE(dp) ||
+				    reclen > len) {
 					error = EINVAL;
 					goto out;
 				}