From c44cbf0fd76787cc7e4419286dbc6bd4793a4d9e Mon Sep 17 00:00:00 2001
From: iedowse <iedowse@FreeBSD.org>
Date: Fri, 10 Aug 2001 22:14:18 +0000
Subject: [PATCH] Arbitrarily limit to 64k the number of bytes that can be read
 at a time using the ogetdirentries() compatibility syscall. This is a hack to
 ensure that rediculous values don't get passed to MALLOC().

Reviewed by:	kris
---
 sys/kern/vfs_extattr.c  | 3 +++
 sys/kern/vfs_syscalls.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index 35f9576c42ec..187727f87b97 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -3059,6 +3059,9 @@ ogetdirentries(p, uap)
 	int error, eofflag, readcnt;
 	long loff;
 
+	/* XXX arbitrary sanity limit on `count'. */
+	if (SCARG(uap, count) > 64 * 1024)
+		return (EINVAL);
 	if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	if ((fp->f_flag & FREAD) == 0)
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 35f9576c42ec..187727f87b97 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -3059,6 +3059,9 @@ ogetdirentries(p, uap)
 	int error, eofflag, readcnt;
 	long loff;
 
+	/* XXX arbitrary sanity limit on `count'. */
+	if (SCARG(uap, count) > 64 * 1024)
+		return (EINVAL);
 	if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	if ((fp->f_flag & FREAD) == 0)