Diffusion FreeBSD src repository d5ea04ee7ba6

dummynet: Avoid an out-of-bounds read in do_config()
d5ea04ee7ba6
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

dummynet: Avoid an out-of-bounds read in do_config()

do_config() processes a buffer of variable-length dummynet commands.
The loop which processes this buffer loads the fixed-length header
before checking whether there are any bytes left to read, so it performs
a 4-byte read past the end of the buffer before terminating.

Restructure the loop to avoid this.

Reported by: Jenkins (KASAN job)
Reviewed by: kp
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33132

Details

Provenance

Authored on Nov 29 2021, 6:50 PM

Reviewer

Differential Revision

D33132: dummynet: Avoid an out-of-bounds read in do_config()

Parents

rG3dd3a395ba97: ext2: Check for e2fs_first_dblock in ext2_compute_sb_data()

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rGd5ea04ee7ba6: dummynet: Avoid an out-of-bounds read in do_config() (authored by markj).Nov 29 2021, 6:57 PM

markj added an edge: D33132: dummynet: Avoid an out-of-bounds read in do_config().

markj mentioned this in rG3f1756dabfe2: dummynet: Avoid an out-of-bounds read in do_config().Dec 6 2021, 2:05 PM

markj mentioned this in rG55351c2620c5: dummynet: Avoid an out-of-bounds read in do_config().Dec 6 2021, 2:19 PM

Changes (1)

Path

Size

sys/

netpfil/

ipfw/

rGd5ea04ee7ba6

sys/netpfil/ipfw/ip_dummynet.c

Loading...