Page MenuHomeFreeBSD
Differential D24562

Don't indirect user pointers directly in two 802.11s ioctls.
ClosedPublic
Actions

Authored by jhb on Apr 24 2020, 8:22 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Apr 7, 2:55 PM
Unknown Object (File)
Mon, Apr 6, 11:06 PM
Unknown Object (File)
Mon, Mar 30, 12:28 AM
Unknown Object (File)
Sun, Mar 29, 11:46 PM
Unknown Object (File)
Sun, Mar 29, 11:46 PM
Unknown Object (File)
Wed, Mar 25, 4:55 AM
Unknown Object (File)
Thu, Mar 12, 4:01 PM
Unknown Object (File)
Mar 3 2026, 8:20 PM
View All Files
Subscribers
imp
melifaro

Details

Reviewers
kib
brooks
Commits
rS360285: Don't indirect user pointers directly in two 802.11s ioctls.
Summary

IEEE80211_MESH_RTCMD_ADD was invoking memcmp() to validate the
supplied address directly on the user pointer rather than first doing
a copyin() and validating the copied value.

IEEE80211_MESH_RTCMD_DELETE was passing the user pointer directly to
ieee80211_mesh_rt_del() rather than copying the user buffer into a
temporary kernel buffer.

Test Plan
  • found in CheriBSD where user pointers and kernel pointers are different types currently
  • compile tested only, no run-time testing

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Apr 24 2020, 8:22 PM
Herald added a subscriber: melifaro. · View Herald TranscriptApr 24 2020, 8:22 PM
Harbormaster completed remote builds in B30713: Diff 70959.Apr 24 2020, 8:22 PM
brooks accepted this revision.Apr 24 2020, 8:41 PM

sigh

This revision is now accepted and ready to land.Apr 24 2020, 8:41 PM
kib accepted this revision.Apr 24 2020, 9:32 PM

These should have been reported by SMAP, but apparently nobody uses mesh ?

sys/net80211/ieee80211_mesh.c
3580 ↗(On Diff #70959)

error != 0

jhb added a comment.Apr 24 2020, 9:59 PM
In D24562#540481, @kib wrote:

These should have been reported by SMAP, but apparently nobody uses mesh ?

I suspect that no one uses it, yes.

jhb marked an inline comment as done.Apr 24 2020, 10:10 PM
Closed by commit rS360285: Don't indirect user pointers directly in two 802.11s ioctls. (authored by jhb). · Explain WhyApr 24 2020, 10:10 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rS360285: Don't indirect user pointers directly in two 802.11s ioctls..
Herald added a subscriber: imp. · View Herald TranscriptApr 24 2020, 10:10 PM

Revision Contents
Changeset List

PathSize
head/
sys/
net80211/
19 lines

Diff 70967

View Options

head/sys/net80211/ieee80211_mesh.c

Loading...