https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
Sean Bruno changed:
What|Removed |Added
Status|In Progress |Closed
Flags|mfc-stable1
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #17 from commit-h...@freebsd.org ---
A commit references this bug:
Author: sbruno
Date: Tue Apr 5 18:27:47 UTC 2016
New revision: 297588
URL: https://svnweb.freebsd.org/changeset/base/297588
Log:
MFC r297488
Repair an ove
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
Ed Maste changed:
What|Removed |Added
Flags||mfc-stable10?
--
You are receiving thi
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #16 from commit-h...@freebsd.org ---
A commit references this bug:
Author: sbruno
Date: Fri Apr 1 16:16:26 UTC 2016
New revision: 297488
URL: https://svnweb.freebsd.org/changeset/base/297488
Log:
Repair an overflow condition
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #15 from CTurt ---
(In reply to CTurt from comment #14)
Don't worry about this actually, the `break` exits the `switch`, and the loop
will continue, checking all '#' characters, no need for change here.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #14 from CTurt ---
I've taken another look at the code and found another potential bug. I'm not
certain if this is a bug yet, but I'd also like to bring the following code
from `imgact_binmisc_add_entry` to attention:
/
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #13 from CTurt ---
(In reply to Stacey Son from comment #9)
This patch looks good to me; correctly checks the size of the `xbe_name` and
`xbe_interpreter` strings early on, before any out of bounds reads or writes
could be perfo
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #12 from o...@hardenedbsd.org ---
@CTurt, could you please verify / review the patch?
--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #11 from Sean Bruno ---
Without this patch from sson, machine panics as described:
panic: stack overflow detected; backtrace may be corrupted
cpuid = 3
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #10 from Sean Bruno ---
With the patch, the proposed test code does not crash the machine and returns:
r...@tasty.ysv:/var/tmp # ./bad_test
result -1
errno 22
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
Stacey Son changed:
What|Removed |Added
CC||s...@freebsd.org
--- Comment #9 from
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
Sean Bruno changed:
What|Removed |Added
Status|New |In Progress
CC|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #7 from Shawn Webb ---
Any movement on this?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #6 from CTurt ---
I didn't even notice this before, but you're right.
imgact_binmisc_add_entry:
sx_xlock(&interp_list_sx);
if (imgact_binmisc_find_entry(xbe->xbe_name) != NULL) {
sx_xunlock(&int
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
johan...@jo-t.de changed:
What|Removed |Added
CC||johan...@jo-t.de
--- Comment #5
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
Kubilay Kocak changed:
What|Removed |Added
Keywords||needs-patch, needs-qa,
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #4 from CTurt ---
No need, I'll write a patch later. I'm busy with other potential bugs at the
moment though.
I don't think a CVE is needed, since it is only triggerable as root (every time
I find a bug, ffs).
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #3 from Shawn Webb ---
Does a CVE need to be issued for this vulnerability?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
Shawn Webb changed:
What|Removed |Added
CC||shawn.w...@hardenedbsd.org
--- Commen
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
--- Comment #1 from CTurt ---
PoC which causes panic:
https://gist.github.com/CTurt/ddcda1a5ff4a3a38cad2
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761
Bug ID: 206761
Summary: Kernel stack overflow in sysctl handler for
kern.binmisc.add
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any