Diffusion FreeBSD src repository 8934002959e0

bhyve: avoid buffer overflow in pci_vtcon_control_send
8934002959e0
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

bhyve: avoid buffer overflow in pci_vtcon_control_send

The program copies an input buffer to an output buffer without verifying
that the size of the input buffer is less than the size of the output
buffer, leading to a buffer overflow.

Inside the function pci_vtcon_control_send, the length of the iov buffer
is not validated before copy of the payload.

Reported by: Synacktiv
Reviewed by: markj
Security: HYP-19
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46105

Details

Provenance

khorben_defora.org	Authored on Jul 24 2024, 6:23 PM
emaste	Committed on Sep 30 2024, 12:01 PM

Reviewer

Differential Revision

Restricted Differential Revision

Parents

rG8e3d252901e8: pf: Split pf_map_addr()

Branches

Unknown

Tags

Unknown

Event Timeline

emaste committed rG8934002959e0: bhyve: avoid buffer overflow in pci_vtcon_control_send (authored by khorben_defora.org).Sep 30 2024, 12:01 PM

emaste added an edge: Restricted Differential Revision.

emaste mentioned this in rGc17d96fe7952: bhyve: avoid buffer overflow in pci_vtcon_control_send.Oct 17 2024, 12:32 PM

emaste mentioned this in rGc4ec2918f26e: bhyve: avoid buffer overflow in pci_vtcon_control_send.Oct 17 2024, 12:34 PM

Changes (1)

Path

Size

usr.sbin/

bhyve/

pci_virtio_console.c

rG8934002959e0

usr.sbin/bhyve/pci_virtio_console.c

Loading...