Fix heap overflow in bhnd(4) SPROM parsing.
ClosedPublic
Actions

Authored by landonf on Jul 9 2016, 10:43 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Nov 5 2024, 1:43 PM

	Unknown Object (File)
	Oct 22 2024, 8:40 AM

	Unknown Object (File)
	Oct 22 2024, 8:40 AM

	Unknown Object (File)
	Oct 22 2024, 8:40 AM

	Unknown Object (File)
	Oct 22 2024, 8:30 AM

	Unknown Object (File)
	Oct 2 2024, 12:59 PM

	Unknown Object (File)
	Oct 2 2024, 7:57 AM

	Unknown Object (File)
	Oct 1 2024, 12:35 AM

View All 56 Files

Subscribers

imp

Details

Reviewers

adrian

Commits

rS302509: Fix heap overflow in bhnd(4) SPROM parsing.

Summary

The bus_region_* APIs accept the number of data items to be
read, while the code was passing the total number of bytes,
resulting in an overflow of the SPROM parser's shadow buffer.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

landonf updated this revision to Diff 18243.Jul 9 2016, 10:43 PM

landonf retitled this revision from to Fix heap overflow in bhnd(4) SPROM parsing..

landonf updated this object.

landonf edited the test plan for this revision. (Show Details)

landonf added a reviewer: adrian.

Herald added a subscriber: imp. · View Herald TranscriptJul 9 2016, 10:43 PM

approved!

This revision is now accepted and ready to land.Jul 9 2016, 11:02 PM

Closed by commit rS302509: Fix heap overflow in bhnd(4) SPROM parsing. (authored by landonf). · Explain WhyJul 10 2016, 12:08 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

head/

sys/

dev/

bhnd/

nvram/

bhnd_sprom_subr.c

3 lines

Diff 18244

View Options

head/sys/dev/bhnd/nvram/bhnd_sprom_subr.c

Fix heap overflow in bhnd(4) SPROM parsing.ClosedPublicActions