Synopsis: Kernel memory disclosure via ibcs2
NetBSD versions: 1.5.3, 1.5.2, 1.5.1, 1.5
Thanks to: silvio@qualys.com
Reported in NetBSD Security Advisory: NetBSD-SA2003-013


Index: ibcs2_stat.c
===================================================================
RCS file: /cvsroot/src/sys/compat/ibcs2/ibcs2_stat.c,v
retrieving revision 1.14.4.2
retrieving revision 1.14.4.3
diff -u -r1.14.4.2 -r1.14.4.3
--- ibcs2_stat.c	2002/09/04 04:09:08	1.14.4.2
+++ ibcs2_stat.c	2003/08/27 05:31:56	1.14.4.3
@@ -111,6 +111,11 @@
 	int len;
 {
 	struct ibcs2_statvfs ssvfs;
+
+	if (len < 0)
+		return (EINVAL);
+	if (len > sizeof(ssvfs))
+		len = sizeof(ssvfs);
 
 	if (len < 0)
 		return (EINVAL);
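Review bot: the added `if (len < 0) return (EINVAL);` at the top of the function body is followed directly, in the trailing context, by an identical check that was already there, so the negative-length test now runs twice. Drop one of the two, keeping the copy that sits before the clamp. That ordering matters: `len` is declared `int` and `sizeof(ssvfs)` is unsigned, so in `if (len > sizeof(ssvfs))` a negative `len` would be converted to a large unsigned value and quietly clamped instead of rejected. The comparison is only correct because the `len < 0` test runs first, which deserves a one-line comment or an explicit `(size_t)len` cast. The hunk also does not show how `ssvfs` is filled in or where `len` is consumed, so given the advisory's synopsis it is worth confirming in the rest of the function that the on-stack struct is fully initialised before `len` bytes of it are used.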
