Module Name: src
Committed By: martin
Date: Thu Sep 5 10:12:31 UTC 2024
Modified Files:
src/sys/external/bsd/libnv/dist [netbsd-9]: nvpair.c
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1885):
sys/external/bsd/libnv/dist/nvpair.c: revision 1.13
libnv: Check for NUL within bounds when unpacking string arrays.
This avoids buffer overrun in the subsequent nv_strdup, which can be
triggered by root at securelevel 1 via ioctl(IOC_NPF_*) on /dev/npf.
Matches upstream FreeBSD change by Mariusz Zaborski.
CVE-2024-45288
PR security/58652: libnv: Integer overflow and buffer overrun
vulnerabilities
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.11.2.1 src/sys/external/bsd/libnv/dist/nvpair.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
