Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
HBSD MFC r330880: Don't overflow the kernel struct mdio in the MDIOCL…
…IST ioctl. Always terminate the list with -1 and document the ioctl behavior. This preserves existing behavior as seen from userspace with the addition of the unconditional termination which will not be seen by working consumers of MDIOCLIST. Because this ioctl can only be performed by root (in default configurations) and is not used in the base system this bug is not deemed to warrant either a security advisory or an eratta notice. Reviewed by: kib Obtained from: CheriBSD Discussed with: security-officer (gordon) MFC after: 3 days Security: kernel heap buffer overflow Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14685 (cherry picked from commit 83fa13c) Author: brooks <brooks@FreeBSD.org> Original-commit-date: Tue Mar 13 20:39:06 2018 +0000 svn-commit-id: /head/ r330880 Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
- Loading branch information