Page MenuHomeFreeBSD
Differential D10377

Fix an out-of-bounds write when a zero-length buffer is passed.
ClosedPublic
Actions

Authored by brooks on Apr 12 2017, 10:57 PM.
Tags
None
Referenced Files
F152152550: D10377.id27390.diff
Mon, Apr 13, 2:29 AM
F152111660: D10377.id27390.diff
Sun, Apr 12, 7:32 PM
Unknown Object (File)
Sat, Apr 11, 11:39 PM
Unknown Object (File)
Sat, Apr 11, 5:58 AM
Unknown Object (File)
Fri, Apr 10, 11:41 AM
Unknown Object (File)
Tue, Apr 7, 7:37 AM
Unknown Object (File)
Tue, Mar 31, 9:52 PM
Unknown Object (File)
Wed, Mar 25, 10:42 AM
View All 75 Files
Subscribers
None

Details

Reviewers
jilles
jhb
emaste
Commits
rS316768: Fix an out-of-bounds write when a zero-length buffer is passed.
Summary

Found with ttyname_test and CHERI bounds checking.

Sponsored by: DARPA, AFRL
Obtained from: CheriBSD

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

brooks created this revision.Apr 12 2017, 10:57 PM
Harbormaster completed remote builds in B8705: Diff 27390.Apr 12 2017, 10:57 PM
brooks added a comment.Apr 12 2017, 10:57 PM

I also wonder if we should perform a NULL pointer check, but POSIX doesn't explicitly allow EINVAL.

emaste accepted this revision.Apr 12 2017, 11:10 PM
This revision is now accepted and ready to land.Apr 12 2017, 11:10 PM
jhb edited edge metadata.Apr 13 2017, 3:58 AM
In D10377#214967, @brooks wrote:

I also wonder if we should perform a NULL pointer check, but POSIX doesn't explicitly allow EINVAL.

Bruce would argue that a SIGSEGV is a valid NULL pointer check. That is the failure case for many other APIs in userland (e.g. strlen() and strcpy()).

Closed by commit rS316768: Fix an out-of-bounds write when a zero-length buffer is passed. (authored by brooks). · Explain WhyApr 13 2017, 3:52 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
lib/
libc/
gen/
4 lines

Diff 27413

View Options

head/lib/libc/gen/ttyname.c

Loading...