diff options
| author | Richard Yao <[email protected]> | 2022-11-04 14:06:14 -0400 |
|---|---|---|
| committer | Tony Hutter <[email protected]> | 2022-12-01 12:39:43 -0800 |
| commit | 957c3776f2ac211afaba0bb89f2592b6410a7a17 (patch) | |
| tree | b40a3bb2ec739123f640964c26d32fb8e6d9de55 /module | |
| parent | 85537f77a3574f265c5e87c3ee4b1858317530ce (diff) | |
FreeBSD: Fix out of bounds read in zfs_ioctl_ozfs_to_legacy()
There is an off by 1 error in the check. Fortunately, this function does
not appear to be used in kernel space, despite being compiled as part of
the kernel module. However, it is used in userspace. Callers of
lzc_ioctl_fd() likely will crash if they attempt to use the
unimplemented request number.
This was reported by FreeBSD's coverity scan.
Reported-by: Coverity (CID 1432059)
Reviewed-by: Ryan Moeller <[email protected]>
Reviewed-by: Damian Szuberski <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Richard Yao <[email protected]>
Closes #14135
Diffstat (limited to 'module')
| -rw-r--r-- | module/os/freebsd/zfs/zfs_ioctl_compat.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/module/os/freebsd/zfs/zfs_ioctl_compat.c b/module/os/freebsd/zfs/zfs_ioctl_compat.c index 81967bed7..43156f2c6 100644 --- a/module/os/freebsd/zfs/zfs_ioctl_compat.c +++ b/module/os/freebsd/zfs/zfs_ioctl_compat.c @@ -319,7 +319,7 @@ zfs_ioctl_legacy_to_ozfs(int request) int zfs_ioctl_ozfs_to_legacy(int request) { - if (request > ZFS_IOC_LAST) + if (request >= ZFS_IOC_LAST) return (-1); if (request > ZFS_IOC_PLATFORM) { |