zfs_ioctl: avoid out-of-bound read

admbugs:	796
Submitted by:	Domagoj Stolfa <ds815@cam.ac.uk>
Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by:	avg
MFC after:	1 day
This commit is contained in:
emaste 2018-05-04 00:56:41 +00:00
parent b869ee6435
commit 83b769173f

View File

@ -6440,6 +6440,10 @@ zfsdev_ioctl(struct cdev *dev, u_long zcmd, caddr_t arg, int flag,
cflag = ZFS_CMD_COMPAT_V28;
break;
case sizeof(zfs_cmd_v15_t):
if (cmd >= sizeof(zfs_ioctl_v15_to_v28) /
sizeof(zfs_ioctl_v15_to_v28[0]))
return (EINVAL);
cflag = ZFS_CMD_COMPAT_V15;
vecnum = zfs_ioctl_v15_to_v28[cmd];