From 1274ad164528f10407f30ab6d90d94bbf8dbfb73 Mon Sep 17 00:00:00 2001
From: mav <mav@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Tue, 10 Jan 2017 08:25:03 +0000
Subject: [PATCH] MFC r310633: Add MAX_LUNS overflow safety checks.

While this MAX_LUNS limitation is too synthetic and should be removed,
it is better to enforce it while it is here.


git-svn-id: svn://svn.freebsd.org/base/stable/10@311866 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 usr.sbin/ctld/parse.y | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/usr.sbin/ctld/parse.y b/usr.sbin/ctld/parse.y
index 1de1e8815..da5d52c6f 100644
--- a/usr.sbin/ctld/parse.y
+++ b/usr.sbin/ctld/parse.y
@@ -808,6 +808,11 @@ lun_number:	STR
 			free($1);
 			return (1);
 		}
+		if (tmp >= MAX_LUNS) {
+			yyerror("LU number is too big");
+			free($1);
+			return (1);
+		}
 
 		ret = asprintf(&name, "%s,lun,%ju", target->t_name, tmp);
 		if (ret <= 0)
@@ -832,6 +837,11 @@ target_lun_ref:	LUN STR STR
 			return (1);
 		}
 		free($2);
+		if (tmp >= MAX_LUNS) {
+			yyerror("LU number is too big");
+			free($3);
+			return (1);
+		}
 
 		lun = lun_find(conf, $3);
 		free($3);
-- 
2.45.0