Diffusion FreeBSD src repository babfd2e46762

bhyve: Initialize stack buffer in pci_ahci
babfd2e46762
Actions

Description

bhyve: Initialize stack buffer in pci_ahci

In the function ahci_handle_dsm_trim, if the call to read_prdt fails,
the variable buf[512] is used while it contains uninitialized data.

It is easy to make the call to read_prdt fail, for instance if
hdr->prdtl == NULL, the function will return without writing anything in
buf.

In addition, this code could be hardened by checking the value of done
before accessing &buf[done].

Reported by: Synacktiv
Reviewed by: markj
Security: HYP-15
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46090

(cherry picked from commit 71fa171c6480d60f4d9c01dea1c71a7249e7b8ab)

Details

Provenance

khorben_defora.org	Authored on Jul 23 2024, 2:34 PM
emaste	Committed on Oct 29 2024, 7:19 PM

Reviewer

markj

Differential Revision

Restricted Differential Revision

Parents

rG4fbd6e0e3ca8: libc: fix access mode tests in fmemopen(3)

Branches

Unknown

Tags

Unknown

Event Timeline

emaste committed rGbabfd2e46762: bhyve: Initialize stack buffer in pci_ahci (authored by khorben_defora.org).Oct 29 2024, 7:19 PM

emaste added an edge: Restricted Differential Revision.Oct 29 2024, 7:31 PM

emaste mentioned this in rG114ba4f2cdc7: bhyve: Initialize stack buffer in pci_ahci.Tue, Nov 19, 9:18 PM

Changes (1)

Path

Size

usr.sbin/

bhyve/

pci_ahci.c

rGbabfd2e46762

View Options