Page MenuHomeFreeBSD
Differential D24562

Don't indirect user pointers directly in two 802.11s ioctls.
ClosedPublic
Actions

Authored by jhb on Apr 24 2020, 8:22 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, May 13, 9:52 PM
Unknown Object (File)
Sun, May 10, 2:07 AM
Unknown Object (File)
Wed, May 6, 10:58 PM
Unknown Object (File)
Tue, Apr 28, 1:21 PM
Unknown Object (File)
Mon, Apr 27, 3:02 PM
Unknown Object (File)
Fri, Apr 17, 7:20 PM
Unknown Object (File)
Apr 7 2026, 2:55 PM
Unknown Object (File)
Apr 6 2026, 11:06 PM
View All Files
Subscribers
imp
melifaro

Details

Reviewers
kib
brooks
Commits
rS360285: Don't indirect user pointers directly in two 802.11s ioctls.
Summary

IEEE80211_MESH_RTCMD_ADD was invoking memcmp() to validate the
supplied address directly on the user pointer rather than first doing
a copyin() and validating the copied value.

IEEE80211_MESH_RTCMD_DELETE was passing the user pointer directly to
ieee80211_mesh_rt_del() rather than copying the user buffer into a
temporary kernel buffer.

Test Plan
  • found in CheriBSD where user pointers and kernel pointers are different types currently
  • compile tested only, no run-time testing

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Apr 24 2020, 8:22 PM
Herald added a subscriber: melifaro. · View Herald TranscriptApr 24 2020, 8:22 PM
Harbormaster completed remote builds in B30713: Diff 70959.Apr 24 2020, 8:22 PM
brooks accepted this revision.Apr 24 2020, 8:41 PM

sigh

This revision is now accepted and ready to land.Apr 24 2020, 8:41 PM
kib accepted this revision.Apr 24 2020, 9:32 PM

These should have been reported by SMAP, but apparently nobody uses mesh ?

sys/net80211/ieee80211_mesh.c
3580 ↗(On Diff #70959)

error != 0

jhb added a comment.Apr 24 2020, 9:59 PM
In D24562#540481, @kib wrote:

These should have been reported by SMAP, but apparently nobody uses mesh ?

I suspect that no one uses it, yes.

jhb marked an inline comment as done.Apr 24 2020, 10:10 PM
Closed by commit rS360285: Don't indirect user pointers directly in two 802.11s ioctls. (authored by jhb). · Explain WhyApr 24 2020, 10:10 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rS360285: Don't indirect user pointers directly in two 802.11s ioctls..
Herald added a subscriber: imp. · View Herald TranscriptApr 24 2020, 10:10 PM

Revision Contents
Changeset List

PathSize
head/
sys/
net80211/
19 lines

Diff 70967

View Options

head/sys/net80211/ieee80211_mesh.c

Loading...