CVSROOT: /cvs Module name: src Changes by: dera...@cvs.openbsd.org 2025/08/01 02:16:31
Modified files:
usr.sbin/relayd: relayd.c
Log message:
For IMSG_BINDANY, bnd.bnd_proc wasn't range checked to ensure it is positive.
As a result IF the other side of the privsep was succesfully exploited, it
could then send such a flawed message and cause a cause an array bounds
violation over the privsep boundary.
Reported by S. Ai, H. Lefeuvre, Systopia team
ok claudio
