HomeFreeBSD

Add a bounds check to the tws(4) passthrough ioctl handler.

Description

Add a bounds check to the tws(4) passthrough ioctl handler.

tws_passthru() was doing a copyin of a user-specified request
without validating its length, so a malicious request could overrun
the buffer. By default, the tws(4) device file is only accessible
as root.

admbug: 825
Reported by: Anonymous of the Shellphish Grill Team
Reviewed by: delphij
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18536

Details

Committed
markjSat, Jan 5, 3:28 PM
Reviewer
delphij
Differential Revision
D18536: Add bounds checking to the tws(4) passthrough ioctl handler.
Parents
rS342786: MFC r342688:
Branches
Unknown
Tags
Unknown