[Bug 206585] hpt_set_info possible buffer overflow

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206585 CTurt changed: What|Removed |Added Status|Open|Closed Resolution|---

[Bug 206585] hpt_set_info possible buffer overflow

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206585 --- Comment #1 from CTurt --- These sizes are defined as `DWORD`, a `typedef` for `unsigned int`, rather than a 64-bit type like `size_t`, so getting the sum of both sizes to overflow doesn't seem possible. -- You are receiving this mail b

[Bug 206579] arm(4): Multiple vulnerabilities in AMR ioctl handler

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206579 --- Comment #2 from CTurt --- This code could be explained if `addr` can be either a user or kernel pointer depending on `cmd`, but I'd like this to be confirmed.

[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 Jilles Tjoelker changed: What|Removed |Added CC||jil...@freebsd.org --- Comment #

Problem reports for freebsd-bugs@FreeBSD.org that need special attention

2016-01-24 Thread bugzilla-noreply
To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and ob

[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 CTurt changed: What|Removed |Added Resolution|--- |Not A Bug Status|Open

[Bug 206585] hpt_set_info possible buffer overflow

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206585 Kubilay Kocak changed: What|Removed |Added Keywords||needs-qa, security Sta

[Bug 206585] hpt_set_info possible buffer overflow

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206585 Bug ID: 206585 Summary: hpt_set_info possible buffer overflow Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Severity:

[Bug 206584] Possible integer overflow in update_intel

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206584 Konstantin Belousov changed: What|Removed |Added CC||k...@freebsd.org

[Bug 206583] Unable to load ip_mroute kernel module if VIMAGE is enabled in kernel

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206583 Marko Zec changed: What|Removed |Added Assignee|freebsd-bugs@FreeBSD.org|z...@freebsd.org CC|

[Bug 204097] witness_initialize() does not perform bound checking of witness_count

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204097 Kubilay Kocak changed: What|Removed |Added Keywords||needs-patch, needs-qa,

[Bug 206583] Unable to load ip_mroute kernel module if VIMAGE is enabled in kernel

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206583 --- Comment #2 from Ben Woods --- It is worth noting that building a kernel with VIMAGE and MROUTING both enabled seems to work fine. This problem only appears when multicast routing is not built into the kernel with the MROUTING option, bu

[Bug 206584] Possible integer overflow in update_intel

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206584 --- Comment #1 from CTurt --- Sorry, my bad. It is checked right here: `if (args->size > UCODE_SIZE_MAX) {` I'll spend more time analysing before reporting in the future.

[Bug 206583] Unable to load ip_mroute kernel module if VIMAGE is enabled in kernel

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206583 --- Comment #1 from Ben Woods --- Some information provided by Marko Zec on the freebsd-...@freebsd.org mailing list: https://lists.freebsd.org/pipermail/freebsd-net/2016-January/07.html In this particular case the problem is that ip_m

[Bug 206584] Possible integer overflow in update_intel

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206584 Kubilay Kocak changed: What|Removed |Added CC||sect...@freebsd.org St

[Bug 206584] Possible integer overflow in update_intel

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206584 Kubilay Kocak changed: What|Removed |Added Flags||mfc-stable9?, mfc-stable10?

[Bug 206584] Possible integer overflow in update_intel

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206584 Bug ID: 206584 Summary: Possible integer overflow in update_intel Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Sever

[Bug 206573] Improper userland pointer handling in aacraid

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206573 Kubilay Kocak changed: What|Removed |Added Priority|--- |Normal Status|New

[Bug 206579] arm(4): Multiple vulnerabilities in AMR ioctl handler

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206579 Kubilay Kocak changed: What|Removed |Added Status|New |Open

[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 Kubilay Kocak changed: What|Removed |Added Status|New |Open

[Bug 206579] arm(4): Multiple vulnerabilities in AMR ioctl handler

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206579 Kubilay Kocak changed: What|Removed |Added Severity|Affects Only Me |Affects Some People Sum

[Bug 206581] bxe_ioctl_nvram handler is faulty

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581 Kubilay Kocak changed: What|Removed |Added Priority|--- |Normal Status|New

[Bug 206583] Unable to load ip_mroute kernel module if VIMAGE is enabled in kernel

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206583 Bug ID: 206583 Summary: Unable to load ip_mroute kernel module if VIMAGE is enabled in kernel Product: Base System Version: 11.0-CURRENT Hardware: Any

[Bug 206581] bxe_ioctl_nvram handler is faulty

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581 --- Comment #1 from CTurt --- Sorry, forgot about the check: `if (len > sizeof(struct bxe_nvram_data)) {` So, the example I suggested wouldn't work. But the lack of `copyin` being checked is still valid. And there probably should be s

[Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206528 Kubilay Kocak changed: What|Removed |Added Status|New |Open --- Comment #6 from Kubilay K

[Bug 206581] bxe_ioctl_nvram handler is faulty

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581 Bug ID: 206581 Summary: bxe_ioctl_nvram handler is faulty Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Severity: Aff

[Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206528 --- Comment #5 from Olli Hauer --- I forgot the change from gcc to clang already. oce.ko is a static module, and even if it works I wouldn't trust it in production without a vendor statement.

[Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206528 --- Comment #4 from Ron --- I will give it a shot shortly, last time I tried this I had failures due to the change from gcc to clang. Will report back shortly.

[Bug 206579] Multiple vulnerabilities in AMR ioctl handler

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206579 --- Comment #1 from CTurt --- Forgot to mention, the file is `sys/dev/amr/amr.c`.

[Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206528 --- Comment #3 from Olli Hauer --- Hi Ron, you are right no download for 10.x, but there is a driver for 9.3 in the old pkg format. I'm not sure if it will work on 10.x and for FC but maybe give it a try. Perhaps Koobs or another Bugzilla

[Bug 206579] Multiple vulnerabilities in AMR ioctl handler

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206579 Bug ID: 206579 Summary: Multiple vulnerabilities in AMR ioctl handler Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New S

[Bug 206573] Improper userland pointer handling in aacraid

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206573 Kubilay Kocak changed: What|Removed |Added Keywords||needs-qa, patch URL

[Bug 206573] Improper userland pointer handling in aacraid

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206573 --- Comment #1 from CTurt --- I've committed a patch to HardenedBSD: https://github.com/HardenedBSD/hardenedBSD-playground/commit/48d6f11271b93a265184de813e32dba8f5cf76f9

[Bug 206573] Improper userland pointer handling in aacraid

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206573 Bug ID: 206573 Summary: Improper userland pointer handling in aacraid Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New S

[Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206567 Bug ID: 206567 Summary: [msk] msk0: watchdog timeout - 88E8053 on i386 Product: Base System Version: 9.3-STABLE Hardware: i386 OS: Any Status: New S

[Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206528 --- Comment #2 from Ron --- I looked there before opening the case, for me I just see this under download: "Ethernet Driver - Use inbox driver"

[Bug 206528] Emulex LPe 16002 FC HBA Not Recognized by oce(4) driver

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206528 Olli Hauer changed: What|Removed |Added CC||oha...@freebsd.org --- Comment #1 fro

[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 --- Comment #3 from CTurt --- In the disassembly of `libiconv.so`, the check is performed on an `unsigned int` for some reason: unsigned int v24; ... && v24 <= 0x41000 I'm not sure why this is, considering the type of `ia_data

[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 Kubilay Kocak changed: What|Removed |Added Keywords||needs-patch, needs-qa,

[Bug 206536] Warnings during buildworld possibly affecting build of up-to-date make

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206536 --- Comment #2 from Dave Evans --- The host I was building on was FreeBSD 11.0-CURRENT #3 r294529 amd64 which I built about 3 days ago. The target I was building for was stable/9 i386 svn info reports in my src directory: Revision: 2945

[Bug 206516] [patch] Teach ofw_bus_parse_xref_list_alloc to be able to return the length of the parsed list

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206516 --- Comment #1 from Stanislav Galabov --- This bug is now followed at: https://reviews.freebsd.org/D5043 Will continue work there.

[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 --- Comment #2 from CTurt --- It's worth noting that the minimum size which can be passed for a signed 32-bit integer is `-0x7fff`, which wraps around to `0x8001`. If on FreeBSD 9, when this size goes through `malloc` it wil