HomeFreeBSD

Always treat firmware request and response sizes as unsigned.

Description

Always treat firmware request and response sizes as unsigned.

This fixes an incomplete bounds check on the guest-supplied request
size where a very large request size could be interpreted as a negative
value and not be caught by the bounds check.

Submitted by: jhb
Reported by: Reno Robert
Approved by: so
Security: FreeBSD-SA-18:14.bhyve
Security: CVE-2018-17160

Details

Committed
gordonDec 4 2018, 6:28 PM
Parents
rS341483: MFC r341430
Branches
Unknown
Tags
Unknown