Page MenuHomeFreeBSD

bnxt(4): Fix ioctls when user addresses are inaccessable.
ClosedPublic

Authored by brooks on Mar 2 2020, 11:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 27, 10:31 AM
Unknown Object (File)
Fri, Nov 1, 4:16 AM
Unknown Object (File)
Oct 4 2024, 9:39 PM
Unknown Object (File)
Oct 4 2024, 7:05 PM
Unknown Object (File)
Oct 1 2024, 5:48 AM
Unknown Object (File)
Sep 30 2024, 11:21 PM
Unknown Object (File)
Sep 30 2024, 6:41 AM
Unknown Object (File)
Sep 26 2024, 2:27 PM
Subscribers

Details

Summary

Check copyin's error code (differ adding copyout checks at this time).

Don't directly access user memory in the switch statement.

Since bnxt_ioctl_data isn't all that big, use a stack allocation.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

I would maybe do it as two commits (bnxt on its own)? I was going to suggest checking the copyin/copyout return errors in bnxt, but that's a non-trivial change worthy of its own commit if someone does it. The copyin in particular really should be checked to avoid using malloc garbage as inputs to the routines the ioctls invoke.

This revision is now accepted and ready to land.Mar 3 2020, 5:33 PM
  • Rebase
  • Check copyin's error code.
  • Don't free a stack pointer.
This revision now requires review to proceed.Mar 3 2020, 7:05 PM
This revision is now accepted and ready to land.Mar 3 2020, 10:39 PM