Allowing nent < 0 in aio_suspend() and lio_listio() is just asking for

trouble. Return EINVAL instead.
2003-01-12 09:40:23 +00:00 · 2003-01-12 09:40:23 +00:00 · ae3b195fcf
commit ae3b195fcf
parent 44a2c818de
1 changed files with 2 additions and 2 deletions
--- a/sys/kern/vfs_aio.c
+++ b/sys/kern/vfs_aio.c
@ -1612,7 +1612,7 @@ aio_suspend(struct thread *td, struct aio_suspend_args *uap)
 	long *ijoblist;
 	struct aiocb **ujoblist;
 	
-	if (uap->nent > AIO_LISTIO_MAX)
+	if (uap->nent < 0 || uap->nent > AIO_LISTIO_MAX)
 		return EINVAL;

 	timo = 0;
@ -1946,7 +1946,7 @@ lio_listio(struct thread *td, struct lio_listio_args *uap)
 		return EINVAL;

 	nent = uap->nent;
-	if (nent > AIO_LISTIO_MAX)
+	if (nent < 0 || nent > AIO_LISTIO_MAX)
 		return EINVAL;

 	if (p->p_aioinfo == NULL)