https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581
Mark Linimon changed:
What|Removed |Added
Assignee|freebsd-bugs@FreeBSD.org|freebsd-...@freebsd.org
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581
Mark Linimon changed:
What|Removed |Added
Keywords|needs-patch |patch
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581
--- Comment #5 from CTurt ---
Created attachment 169497
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=169497&action=edit
Check return values from copyin and copyout
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581
--- Comment #4 from Shawn Webb ---
Any movement on this?
--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581
--- Comment #3 from CTurt ---
To clarify my original post, the bound check is fine.
However, there is a problem that multiple parts of this code use `copyin`
without checking the result, which could possibly lead to the use of
uninitialise
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581
Kubilay Kocak changed:
What|Removed |Added
Priority|--- |Normal
Status|New
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581
--- Comment #1 from CTurt ---
Sorry, forgot about the check:
if (len > sizeof(struct bxe_nvram_data)) {
So, the example I suggested wouldn't work.
But the lack of `copyin` being checked is still valid. And there probably
should be s
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206581
Bug ID: 206581
Summary: bxe_ioctl_nvram handler is faulty
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Aff