Add bounds checks for CTL_DEBUG sysctl variable.

1 files changed, 3 insertions, 1 deletions

diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 0f8bc6dac5c..67f624eb50b 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_sysctl.c,v 1.249 2014/05/17 17:26:24 guenther Exp $	*/
+/*	$OpenBSD: kern_sysctl.c,v 1.250 2014/06/11 17:32:59 matthew Exp $	*/
 /*	$NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $	*/
 
 /*-
@@ -753,6 +753,8 @@ debug_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 	/* all sysctl names at this level are name and field */
 	if (namelen != 2)
 		return (ENOTDIR);		/* overloaded */
+	if (name[0] < 0 || name[0] >= nitems(debugvars))
+		return (EOPNOTSUPP);
 	cdp = debugvars[name[0]];
 	if (cdp->debugname == 0)
 		return (EOPNOTSUPP);