Page MenuHomeFreeBSD

Don't overflow the kernel struct mdio in the MDIOCLIST ioctl.
ClosedPublic

Authored by brooks on Mar 13 2018, 7:58 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 27 2023, 2:31 PM
Unknown Object (File)
Sep 23 2023, 1:54 PM
Unknown Object (File)
Aug 13 2023, 6:11 AM
Unknown Object (File)
Aug 2 2023, 6:04 PM
Unknown Object (File)
Jul 9 2023, 5:49 AM
Unknown Object (File)
Jul 9 2023, 5:49 AM
Unknown Object (File)
Jul 9 2023, 5:47 AM
Unknown Object (File)
Jul 4 2023, 7:04 PM
Subscribers

Details

Summary

Always terminate the list with -1 and document the ioctl behavior.
This preserves existing behavior as seen from userspace with the
addition of the unconditional termination which will not be seen by
working consumers of MDIOCLIST.

Because this ioctl can only be performed by root (in default
configurations) and is not used in the base system this bug is not
deemed to warrant either a security advisory or an eratta notice.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

So the overflow can happen if the number of md's is greater than MONPAD, right ?

I would appreciate if the comment for md_pad in mdioctl.h was updated.

This revision is now accepted and ready to land.Mar 13 2018, 8:25 PM

> MDNPAD - 1 (one slot lost to the count). I'll commit an update to md_pad's comment separately (I almost submitted it with this one, but it's only somewhat related).

This revision was automatically updated to reflect the committed changes.