[Bug 204009] [patch] buffer overflow when zerokey in AES ICM
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204009

Bug ID: 204009
Summary: [patch] buffer overflow when zerokey in AES ICM
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: luke...@gmail.com

Created attachment 162438
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=162438&action=edit
AES ICM zerokey patch

* buffer allocation: malloc() 260 bytes

sched = malloc(sizeof(struct aes_icm_ctx), M_CRYPTO_DATA, M_NOWAIT | M_ZERO);

aes_icm_setkey() at aes_icm_setkey+0x67/frame 0xfe0616f8c340
swcr_newsession() at swcr_newsession+0x3b8/frame 0xfe0616f8c390
crypto_newsession() at crypto_newsession+0x1e9/frame 0xfe0616f8c3e0
esp_init() at esp_init+0x308/frame 0xfe0616f8c480
key_setsaval() at key_setsaval+0x2ba/frame 0xfe0616f8c4c0
key_newsav() at key_newsav+0xe4/frame 0xfe0616f8c500
key_add() at key_add+0x51f/frame 0xfe0616f8c5a0
key_parse() at key_parse+0x8cd/frame 0xfe0616f8c790
sosend_generic() at sosend_generic+0x42f/frame 0xfe0616f8c850
kern_sendit() at kern_sendit+0x21b/frame 0xfe0616f8c900
sendit() at sendit+0x126/frame 0xfe0616f8c950
sys_sendto() at sys_sendto+0x4d/frame 0xfe0616f8c9a0
amd64_syscall() at amd64_syscall+0x2de/frame 0xfe0616f8cab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfe0616f8cab0

* buffer overflow: bzero() 488 bytes

bzero(*sched, sizeof(rijndael_ctx));

rijndael128_zerokey() at rijndael128_zerokey+0x26/frame 0xfe0616f8c400
swcr_freesession_locked() at swcr_freesession_locked+0x81/frame 0xfe0616f8c430
swcr_freesession() at swcr_freesession+0x29/frame 0xfe0616f8c450
crypto_freesession() at crypto_freesession+0xc1/frame 0xfe0616f8c490
ah_zeroize() at ah_zeroize+0x2e/frame 0xfe0616f8c4b0
esp_zeroize() at esp_zeroize+0xf/frame 0xfe0616f8c4d0
key_cleansav() at key_cleansav+0x1c/frame 0xfe0616f8c4f0
key_delsav() at key_delsav+0x5d/frame 0xfe0616f8c510
_key_freesp() at _key_freesp+0xaf/frame 0xfe0616f8c550
key_spdflush() at key_spdflush+0x1a7/frame 0xfe0616f8c5a0
key_parse() at key_parse+0x8cd/frame 0xfe0616f8c790
sosend_generic() at sosend_generic+0x42f/frame 0xfe0616f8c850
kern_sendit() at kern_sendit+0x21b/frame 0xfe0616f8c900
sendit() at sendit+0x126/frame 0xfe0616f8c950
sys_sendto() at sys_sendto+0x4d/frame 0xfe0616f8c9a0
amd64_syscall() at amd64_syscall+0x2de/frame 0xfe0616f8cab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfe0616f8cab0

--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
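Added example, not part of the bug report or its attached patch: the size mismatch reported above (a 260-byte context wiped with a 488-byte bzero()) reproduced safely inside an oversized arena so the overrun can be counted. The demo_* types and function names are constructed stand-ins sized from the report, not the FreeBSD definitions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: only the sizes (260 and 488 bytes) come from the
 * report; the real struct aes_icm_ctx / rijndael_ctx layouts are not used. */
struct demo_icm_ctx      { unsigned char bytes[260]; };
struct demo_rijndael_ctx { unsigned char bytes[488]; };

_Static_assert(sizeof(struct demo_icm_ctx) == 260, "size from the report");
_Static_assert(sizeof(struct demo_rijndael_ctx) == 488, "size from the report");

#define CANARY 0xA5

/* Mismatched pattern: the wipe length comes from a different, larger
 * context type than the one that was allocated. */
static void zerokey_mismatched(void *sched)
{
    memset(sched, 0, sizeof(struct demo_rijndael_ctx));
}

/* Matched pattern: the wipe length comes from the allocated type. */
static void zerokey_matched(void *sched)
{
    memset(sched, 0, sizeof(struct demo_icm_ctx));
}

/* Place a 260-byte context at the start of a canary-filled 488-byte arena,
 * run the given wipe routine, and count canary bytes destroyed beyond the
 * end of the context. The arena is large enough that the mismatched wipe
 * stays inside it, so the demo itself has no out-of-bounds write. */
static size_t bytes_clobbered(void (*zerokey)(void *))
{
    unsigned char arena[sizeof(struct demo_rijndael_ctx)];
    size_t i, n = 0;

    memset(arena, CANARY, sizeof(arena));
    zerokey(arena);
    for (i = sizeof(struct demo_icm_ctx); i < sizeof(arena); i++)
        if (arena[i] != CANARY)
            n++;
    return n;
}

int main(void)
{
    printf("mismatched wipe overran by %zu bytes\n",
        bytes_clobbered(zerokey_mismatched));
    printf("matched wipe overran by %zu bytes\n",
        bytes_clobbered(zerokey_matched));
    return 0;
}
```

In a kernel allocation the bytes past the context belong to whatever the allocator placed next, which is why the wipe length has to be tied to the type that was passed to malloc().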
[Bug 204005] [patch][pf] PF_ANEQ macro improperly compare IPv4 packets.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204005

--- Comment #1 from commit-h...@freebsd.org ---
A commit references this bug:

Author: kp
Date: Sun Oct 25 13:14:54 UTC 2015
New revision: 289932
URL: https://svnweb.freebsd.org/changeset/base/289932

Log:
  PF_ANEQ() macro will in most situations return TRUE comparing two identical IPv4 packets (when it should return FALSE). It happens because PF_ANEQ() doesn't stop if first 32 bits of IPv4 packets are equal and starts to check next 3*32 bits (like for IPv6 packet). Those bits contain some garbage and in result PF_ANEQ() wrongly returns TRUE.

  Fix: Check if packet is of AF_INET type and if it is then compare only first 32 bits of data.

  PR: 204005
  Submitted by: Miłosz Kaniewski

Changes:
  head/sys/net/pfvar.h
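Added example, not the code from head/sys/net/pfvar.h: the comparison problem described in the commit log above, shown on a constructed 128-bit address slot whose upper 96 bits hold leftover data when the slot carries an IPv4 address. The demo_addr type and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>   /* AF_INET, AF_INET6 */

/* Constructed stand-in for an address slot shared by IPv4 and IPv6:
 * IPv4 uses only addr32[0], IPv6 uses all four words. */
struct demo_addr { uint32_t addr32[4]; };

/* Behaviour the log describes as wrong: all four words are compared,
 * whatever the address family. Returns 1 for "not equal". */
static int aneq_all_words(const struct demo_addr *a, const struct demo_addr *b)
{
    return a->addr32[0] != b->addr32[0] || a->addr32[1] != b->addr32[1] ||
           a->addr32[2] != b->addr32[2] || a->addr32[3] != b->addr32[3];
}

/* Behaviour the log describes as the fix: for AF_INET only the first
 * 32 bits take part in the comparison. */
static int aneq_by_family(const struct demo_addr *a, const struct demo_addr *b,
    int af)
{
    if (af == AF_INET)
        return a->addr32[0] != b->addr32[0];
    return aneq_all_words(a, b);
}

/* Build an IPv4 address in a slot that was not cleared first: the three
 * unused words keep whatever value 'residue' stands for. */
static struct demo_addr v4_in_reused_slot(uint32_t v4, uint32_t residue)
{
    struct demo_addr x;

    x.addr32[0] = v4;
    x.addr32[1] = residue;
    x.addr32[2] = residue;
    x.addr32[3] = residue;
    return x;
}

int main(void)
{
    /* Constructed sample: the same IPv4 address (192.0.2.1) stored in two
     * slots with different leftover contents. */
    struct demo_addr a = v4_in_reused_slot(0xC0000201u, 0x11111111u);
    struct demo_addr b = v4_in_reused_slot(0xC0000201u, 0x22222222u);

    printf("all-words compare says different: %d\n", aneq_all_words(&a, &b));
    printf("family-aware compare says different: %d\n",
        aneq_by_family(&a, &b, AF_INET));
    return 0;
}
```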
[Bug 204005] [patch][pf] PF_ANEQ macro improperly compare IPv4 packets.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204005

Kristof Provost changed:

What   | Removed | Added
CC     |         | k...@freebsd.org
Status | New     | In Progress

--- Comment #2 from Kristof Provost ---
Thanks!

It looks like this was mostly relatively harmless (it's most often used to optimise things, i.e. don't do anything if the address doesn't change anyway), but it's good to fix this anyway. You're clearly right that this was wrong and needed to be fixed.
[Bug 204005] [patch][pf] PF_ANEQ macro improperly compare IPv4 packets.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204005

Kristof Provost changed:

What       | Removed     | Added
Status     | In Progress | Closed
Resolution | ---         | FIXED
[Bug 203994] bhyve kernel module may need to relax some checks when running nested under KVM
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203994

Mark Linimon changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | freebsd-virtualization@FreeBSD.org
[Bug 203976] panic: page fault on regular traffic routing
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203976

--- Comment #9 from Mark Linimon ---
To submitter: so can this PR be closed now?
[Bug 203874] MSI/MSI-X interrupts don't work in VMware virtual machines
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203874

--- Comment #4 from Marius Strobl ---
(In reply to bhavesh from comment #3)

The problem with broken versions of ESXi is that allocation of MSI-X vectors fails when tried for the first time but succeeds on subsequent attempts. As Jack Vogel from Intel pointed out, this behavior inherently reminds of a design bug in Linux/KVM:
https://lists.freebsd.org/pipermail/freebsd-stable/2012-October/070220.html
The full thread starts here:
https://lists.freebsd.org/pipermail/freebsd-stable/2012-October/070196.html

I think at that time igb(4) additionally had an orthogonal and meanwhile fixed bug, causing it to fail to properly fall back to MSI or even INTx, leading to an overall non-working default setup when run under ESXi back then.

Apart from that, there was a private and independent report to j...@freebsd.org and me in June 2013, indicating that using INTx with ESXi 5.1 causes interrupt storms on the FreeBSD side. In addition to the VMware documentation of that time listing only three devices known-working with MSI-X in pass-through mode, this led to the conclusion that MSIs are the only thing that reliably works with ESXi. Consequently, the current behavior of blacklisting the VMware PCI bridges for MSI-X (but contrary to your claim, not for MSI) was implemented and verified to yield a configuration which works out-of-the-box in the known problematic setups involving ESXi.

As for the MSI-X allocation bug, it likely isn't/wasn't present in the bridge code of ESXi itself but rather in its LAPIC emulation. Still, bumping the PCI revision IDs to indicate ESXi versions where that problem has been fixed would be way preferable to having to query the hypervisor version by other means in the machine-independent PCI code of FreeBSD for limiting the blacklist entries for VMware.
Problem reports for freebsd-bugs@FreeBSD.org that need special attention
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases.

Status      | Bug Id | Description
------------+--------+---------------------------------------------------
In Progress | 187653 | pw(8): 'pw user mod' is creating users instead of
In Progress | 196973 | sh(1) broken UTF-8 input
New         | 197876 | [devfs] an error in devfs leads to data loss and
New         | 198797 | [PATCH] Added an option to install BSDstats to bs
New         | 202362 | ntp: restore refclocks selection (10.2-RELEASE re
New         | 202740 | vi/ex string substitution problem when there is m
New         | 203162 | when close(fd) on a fifo fails with EINTR, the fi
Open        | 155028 | init(8): "init q" in single user causes segfault
Open        | 167133 | stale files in /usr/share/examples
Open        | 169471 | [patch] pw(8) deletes group "username" on userdel
Open        | 171779 | [patch] passwd(1): make option NO_FSCHG incomplet
In Progress | 191348 | [mps] LSI2308 with WD3000FYYZ drives disappears a
New         | 203162 | when close(fd) on a fifo fails with EINTR, the fi

13 problems total for which you should take action.
[Bug 155028] init(8): "init q" in single user causes segfault
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=155028

Garrett Cooper,425-314-3911 changed:

What       | Removed                                   | Added
CC         |                                           | n...@freebsd.org
Status     | Open                                      | Closed
Flags      | mfc-stable8?, mfc-stable9?, mfc-stable10? | mfc-stable8-, mfc-stable9-, mfc-stable10-
Resolution | ---                                       | FIXED

--- Comment #4 from Garrett Cooper,425-314-3911 ---
The symptom noted in the description can no longer be hit as noted in comment # 1 and comment # 3. Closing this bug even though the commit was not MFCed because 8.x has been EOLed.

Please open a new bug for the item noted in comment # 3 if you believe it /etc/rc.shutdown should be run again if `init q` is interrupted -- although, I personally think the problem is that certain scripts like mixer need to be taught to do the right thing each time they're stopped instead of going and corrupting state.
[Bug 171779] [patch] passwd(1): make option NO_FSCHG incomplete
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=171779

Garrett Cooper,425-314-3911 changed:

What     | Removed                     | Added
Flags    | mfc-stable8?, mfc-stable10? | mfc-stable8-, mfc-stable10+
CC       |                             | n...@freebsd.org
Severity | Affects Only Me             | Affects Some People
Assignee | freebsd-bugs@FreeBSD.org    | n...@freebsd.org

--- Comment #2 from Garrett Cooper,425-314-3911 ---
- stable/8 has been EOLed.
- It hasn't been MFCed to stable/9.
- Already present in stable/10.

Taking for the MFC.
[Bug 169471] [patch] pw(8) deletes group "username" on userdel even if group "username" is not assoc. w/user "username"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=169471

Garrett Cooper,425-314-3911 changed:

What     | Removed                     | Added
CC       |                             | n...@freebsd.org
Status   | Open                        | In Progress
Assignee | freebsd-bugs@FreeBSD.org    | dte...@freebsd.org
Flags    | mfc-stable8?, mfc-stable10? | mfc-stable8-, mfc-stable10+

--- Comment #4 from Garrett Cooper,425-314-3911 ---
- stable/8 is EOL.
- Not MFCed to stable/9.
- MFCed to stable/10 in r272192.

Reassigning to dteske for analysis as r272192 MFCed a number of commits to stable/10.
[Bug 167133] stale files in /usr/share/examples
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=167133

Garrett Cooper,425-314-3911 changed:

What     | Removed                     | Added
Assignee | freebsd-bugs@FreeBSD.org    | n...@freebsd.org
CC       |                             | n...@freebsd.org
Flags    | mfc-stable8?, mfc-stable10? | mfc-stable8-, mfc-stable10+

--- Comment #4 from Garrett Cooper,425-314-3911 ---
- stable/8 is EOLed.
- Hasn't been merged to stable/9.
- Has been merged to stable/10.

Taking for MFC to stable/9.
[Bug 187653] pw(8): 'pw user mod' is creating users instead of changing them.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=187653

Garrett Cooper,425-314-3911 changed:

What       | Removed                  | Added
CC         |                          | n...@freebsd.org
Status     | In Progress              | Closed
Resolution | ---                      | FIXED
Assignee   | freebsd-bugs@FreeBSD.org | b...@freebsd.org

--- Comment #3 from Garrett Cooper,425-314-3911 ---
bapt MFCed the commit to stable/10 in r287084. Closing.

r287084 | bapt | 2015-08-23 14:42:27 -0700 (Sun, 23 Aug 2015) | 18 lines

MFC: r285133,r285136,r285137,r285156,r285157,r285158,r285256,r285318,r285395,
r285396,r285398,r285401,r285403,r285405,r285406,r285408,r285409,r285411,
r285412,r285413,r285415,r285418,r285430,r285433,r285434,r285442,r285948,
r285984,r285985,r285989,r285996,r285997,r286045,r286047,r286066,r286150,
r286151,r286152,r286154,r286155,r286156,r286157,r286173,r286196,r286197,
r286198,r286199,r286200,r286201,r286202,r286203,r286204,r286210,r286211,
r286217,r286218,r286258,r286259,r286341,r286775,r286982,r286986,r286991,
r286993

Validate most pw inputs.
Rewrite the way parsing sub arguments is made to simplify code and improve maintainability
Add -y (NIS) to userdel/usermod
pw userdel -r now deletes directories in the rootdir
Only parse pw.conf when needed
Reject usermod and userdel if the user concerned is not on the user database supposed to be manipulated
[Bug 203644] makefs: Coverity CID 974635, 974636: Copying several struct elements by single memcpy().
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203644

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #1 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.
[Bug 203704] [patch] makefs(8) does not initialize fs_providersize for UFS
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203704

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #6 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.
[Bug 162503] makefs(8) creates a bad image for UFS2
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=162503

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #1 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.
[Bug 203938] makefs: Coverity CID 975345, 975346: No provisions for i/o error
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203938

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #1 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.
[Bug 203937] makefs: Coverity CID 975347, 975348: No provisions for i/o error
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203937

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #1 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.
[Bug 203943] makefs: Coverity CID 977469: False positive
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203943

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #1 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.
[Bug 203944] makefs: Coverity CID 979130: Possibly gone after PR 203938 / CID 975345, 975346 is done
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203944

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #1 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.
[Bug 203707] [patch] make makefs(8) more compatible with geom_uncompress
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203707

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #9 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.
[Bug 194703] makefs has trouble with nlink,time attributes from MANIFEST files
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194703

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #1 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.
[Bug 203923] makefs: Coverity CID 975621: False positive
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203923

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #1 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.
[Bug 203924] makefs: Coverity CID 976924: False positive
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203924

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #1 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.
[Bug 203940] makefs: Coverity CID 976847: Delayed error with wrong output file type
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203940

Garrett Cooper,425-314-3911 changed:

What     | Removed                  | Added
Assignee | freebsd-bugs@FreeBSD.org | n...@freebsd.org

--- Comment #1 from Garrett Cooper,425-314-3911 ---
Bulk taking makefs bugs.