[EMAIL PROTECTED] wrote:

> Thanks for having a look at that. I have checked in a fix.

Thanks for responding so quickly.

> I presume that you have addressed the cases in GBDE where
> malloc's return code has not been checked? If so, perhaps
> cvsweb is a little behind. It looks to me like 2 or 4 mallocs
> can use a buffer without checking the return code.

There are two malloc bugs in GBDE, but both are minor and have no
security implications. Both bugs are in src/sbin/gbde/gbde.c:

- the first bug is in cmd_nuke() and could not be seen as much of
  a bug because cmd_nuke() is used to destroy lock sectors. If this
  fails due to memory starvation, no sensitive information is leaked,
  only a write(2) call fails and gbde terminates correctly upon
  catching and reporting the write error.

- the second bug is in cmd_write(), where a buffer is allocated and
  checked, but not immediately, so there is a case where it can be
  used before it gets checked. However, even if this happens, only
  a read(2) call fails and gbde terminates correctly upon catching
  and reporting the read error.

In src/sys/geom/bde/g_bde.c there is also a g_malloc() allocated
buffer which is unchecked, but since the allocation is done with
the M_WAITOK flag it's safe.

This means there are no malloc bugs in GBDE which could cause a
segmentation violation. I have sent the patch for the minor malloc
bugs I described above to Poul-Henning, so I expect him to review
it and commit the appropriate fix in the near future.

ALeine
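The late-check pattern described in the message above, next to the immediate check, as an added example that is not code from gbde.c or from the patch mentioned. The names alloc_buf, simulate_starvation, make_source, late_check_read and early_check_read are hypothetical, and the pipe contents are constructed sample input.

```c
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical switch: when set, alloc_buf() behaves like malloc(3)
 * under memory starvation and returns NULL. */
int simulate_starvation = 1;

static void *alloc_buf(size_t n) {
    return simulate_starvation ? NULL : malloc(n);
}

/* Constructed input: a pipe holding a few bytes, standing in for the device. */
static int make_source(void) {
    int p[2];
    if (pipe(p) != 0) return -1;
    if (write(p[1], "sector-data", 11) != 11) { close(p[0]); close(p[1]); return -1; }
    close(p[1]);
    return p[0];
}

/* Late check: the buffer reaches read(2) before it is tested.
 * Returns the errno reported by read(2), or 0 if the read succeeded. */
int late_check_read(void) {
    int fd = make_source();
    if (fd < 0) return -1;
    char *buf = alloc_buf(512);
    ssize_t r = read(fd, buf, 512);  /* NULL buf: the kernel rejects the pointer */
    int err = (r < 0) ? errno : 0;   /* no fault in userland, only an error code */
    close(fd);
    free(buf);                       /* free(NULL) is a no-op */
    return err;
}

/* Immediate check: test the allocation before any use. */
int early_check_read(void) {
    int fd = make_source();
    if (fd < 0) return -1;
    char *buf = alloc_buf(512);
    if (buf == NULL) { close(fd); return ENOMEM; }
    ssize_t r = read(fd, buf, 512);
    int err = (r < 0) ? errno : 0;
    close(fd);
    free(buf);
    return err;
}
```

The error return in late_check_read() depends on the NULL pointer going straight into a system call; a userland dereference of the same pointer before the check would fault instead.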