SVNews r327497

NOTE: This service is experimental and subject to change! Use at your own risk!

2018-01-02 18:29:44 - r327497 by emaste (Ed Maste)

Complete list of files affected by revision r327497:

(Note: At the moment, these links point to ViewVC on svn.freebsd.org. They are probably slow. Do not overuse.)

  History   Contents   Diff   MODIFY   /head/sys/dev/hpt27xx/hpt27xx_osm_bsd.c  

Commit message:

hpt27xx: plug info leak in hpt_ioctl

The hpt27xx ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.

Also zero bytesReturned in case it is not written by hpt_do_ioctl().

The hpt27xx device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.

Reported by: Ilja van Sprundel <ivansprundel@ioactive.com>
Submitted by: Domagoj Stolfa <domagoj.stolfa@gmail.com> (M_ZERO)
Reviewed by: jhb, kib
MFC after: 3 days
Security: info leak in root-only ioctl
Sponsored by: The FreeBSD Foundation

 


Powered by Python FreeBSD support by secnetix GmbH & Co. KG

Page generated in 1 ms, 1 file printed. Current time is 2018-01-20 11:23:02. All times are in UTC/GMT.