HardenedBSD/usr.sbin/fwcontrol
John Baldwin 9494dfe1b3 fwcontrol: Allocate full fw_asyreq structures passed to the kernel
The FW_ASYREQ ioctl accepts a struct fw_asyreq object as its argument,
meaning that the kernel always copies in the full structure in
sys_ioctl before passing the request down to the driver.  However,
fwcontrol was allocating smaller objects that contained only the
request header and a variable-sized payload.  This means that the
kernel copy in sys_ioctl was reading off the end of this buffer.  On
current architectures this happened to be ok, but it is UB.

Instead, allocate a full structure.

Reported by:	GCC 14 -Walloc-size
Reviewed by:	rlibby, brooks
Differential Revision:	https://reviews.freebsd.org/D46014
2024-07-19 13:09:32 -04:00
fwcontrol.8
fwcontrol.c
fwdv.c
fwmethods.h
fwmpegts.c
Makefile
Makefile.depend