From bc06965ace25a9137a3087097d95609846f59fa2 Mon Sep 17 00:00:00 2001 From: Enji Cooper Date: Mon, 2 Nov 2015 08:43:15 +0000 Subject: [PATCH] Limit isoLevel to 1 and 2 to avoid segfaulting when isoLevel is set to 3 by dereferencing a NULL function pointer Add some asserts to ensure that isolevel is always either 1 or 2. PR: 203645 Reported by: Thomas Schmitt MFC after: 1 week Sponsored by: EMC / Isilon Storage Division --- usr.sbin/makefs/cd9660.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/usr.sbin/makefs/cd9660.c b/usr.sbin/makefs/cd9660.c index b5be46906b09..e05e52ac32c9 100644 --- a/usr.sbin/makefs/cd9660.c +++ b/usr.sbin/makefs/cd9660.c @@ -296,8 +296,8 @@ cd9660_parse_opts(const char *option, fsinfo_t *fsopts) int rv; /* Set up allowed options - integer options ONLY */ option_t cd9660_options[] = { - { "l", &diskStructure.isoLevel, 1, 3, "ISO Level" }, - { "isolevel", &diskStructure.isoLevel, 1, 3, "ISO Level" }, + { "l", &diskStructure.isoLevel, 1, 2, "ISO Level" }, + { "isolevel", &diskStructure.isoLevel, 1, 2, "ISO Level" }, { "verbose", &diskStructure.verbose_level, 0, 2, "Turns on verbose output" }, { "v", &diskStructure.verbose_level, 0 , 2, @@ -1055,6 +1055,7 @@ cd9660_rename_filename(cd9660node *iter, int num, int delete_chars) if (diskStructure.verbose_level > 0) printf("Rename_filename called\n"); + assert(1 <= diskStructure.isoLevel && diskStructure.isoLevel <= 2); /* TODO : A LOT of chanes regarding 8.3 filenames */ if (diskStructure.isoLevel == 1) maxlength = 8; @@ -1730,6 +1731,7 @@ cd9660_joliet_convert_filename(const char *oldname, char *newname, int is_file) static int cd9660_convert_filename(const char *oldname, char *newname, int is_file) { + assert(1 <= diskStructure.isoLevel && diskStructure.isoLevel <= 2); /* NEW */ cd9660_filename_conversion_functor conversion_function = 0; if (diskStructure.isoLevel == 1)