HomeFreeBSD

MFC r341484

Description

MFC r341484

Always treat firmware request and response sizes as unsigned.

This fixes an incomplete bounds check on the guest-supplied request
size where a very large request size could be interpreted as a negative
value and not be caught by the bounds check.

Submitted by: jhb
Reported by: Reno Robert
Approved by: so
Security: FreeBSD-SA-18:14.bhyve
Security: CVE-2018-17160

Details

Provenance
gordonAuthored on
Parents
rS341484: Always treat firmware request and response sizes as unsigned.
Branches
Unknown
Tags
Unknown