Page MenuHomeFreeBSD
Differential D42220

bhyve: fix buffer overflow in QemuFwCfg
ClosedPublic
Actions

Authored by corvink on Oct 16 2023, 9:31 AM.
Tags
None
Referenced Files
F87298928: D42220.id128912.diff
Mon, Jul 1, 11:22 AM
Unknown Object (File)
Sat, Jun 29, 8:08 AM
Unknown Object (File)
Sun, Jun 16, 5:13 PM
Unknown Object (File)
Sun, Jun 16, 2:12 PM
Unknown Object (File)
Mar 21 2024, 2:55 PM
Unknown Object (File)
Jan 29 2024, 5:17 AM
Unknown Object (File)
Jan 28 2024, 4:40 PM
Unknown Object (File)
Jan 27 2024, 12:33 PM
View All 18 Files
Subscribers
andy_omniosce.org
bcran
imp
rgrimes

Details

Reviewers
jhb
markj
Group Reviewers
bhyve
Commits
rG4a3810075fd3: bhyve: fix buffer overflow in QemuFwCfg
Summary

We're accessing one element of the newly allocated and the old directory
too much.

Reported by: andy@omniosce.org
Fixes: 6f9ebb3d0fed2b0ae604dd6daf17f1fe1d8df216 ("bhyve: add helper for adding fwcfg files")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 53999
Build 50889: arc lint + arc unit

Event Timeline

corvink created this revision.Oct 16 2023, 9:31 AM
Herald added subscribers: bcran, rgrimes, imp. · View Herald TranscriptOct 16 2023, 9:31 AM
corvink requested review of this revision.Oct 16 2023, 9:31 AM
Harbormaster completed remote builds in B53999: Diff 128817.Oct 16 2023, 9:32 AM
corvink edited the summary of this revision. (Show Details)Oct 16 2023, 10:03 AM
corvink added a subscriber: andy_omniosce.org.Oct 16 2023, 10:55 AM
markj added inline comments.Oct 16 2023, 12:49 PM
usr.sbin/bhyve/qemu_fwcfg.c
328

Why do you add + 1 here? The reason isn't obvious to me.

corvink added inline comments.Oct 17 2023, 6:52 AM
usr.sbin/bhyve/qemu_fwcfg.c
328

This function adds a new fwcfg file. Therefore, we have to increase the count of fwcfg files by one. The name might be a bit misleading. It's the new_count.

markj accepted this revision as: markj.Oct 17 2023, 1:25 PM
This revision is now accepted and ready to land.Oct 17 2023, 1:25 PM
Closed by commit rG4a3810075fd3: bhyve: fix buffer overflow in QemuFwCfg (authored by corvink). · Explain WhyOct 17 2023, 1:58 PM
This revision was automatically updated to reflect the committed changes.
corvink added a commit: rG4a3810075fd3: bhyve: fix buffer overflow in QemuFwCfg.

Revision Contents
Changeset List

PathSize
usr.sbin/
bhyve/
2 lines

Diff 128817

View Options

usr.sbin/bhyve/qemu_fwcfg.c

Loading...