Diffusion FreeBSD src repository 114ba4f2cdc7

bhyve: Initialize stack buffer in pci_ahci
114ba4f2cdc7
Actions

Description

bhyve: Initialize stack buffer in pci_ahci

In the function ahci_handle_dsm_trim, if the call to read_prdt fails,
the variable buf[512] is used while it contains uninitialized data.

It is easy to make the call to read_prdt fail, for instance if
hdr->prdtl == NULL, the function will return without writing anything in
buf.

In addition, this code could be hardened by checking the value of done
before accessing &buf[done].

Reported by: Synacktiv
Reviewed by: markj
Security: HYP-15
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46090

(cherry picked from commit 71fa171c6480d60f4d9c01dea1c71a7249e7b8ab)
(cherry picked from commit babfd2e46762cb835fec66945aa60404f247c521)

Details

Provenance

khorben_defora.org	Authored on Jul 23 2024, 2:34 PM
emaste	Committed on Nov 19 2024, 5:38 PM

Reviewer

markj

Differential Revision

Restricted Differential Revision

Parents

rG5544391d8724: sleepqueue: Fix the comment for sleepq_switch()

Branches

Unknown

Tags

Unknown

Event Timeline

emaste committed rG114ba4f2cdc7: bhyve: Initialize stack buffer in pci_ahci (authored by khorben_defora.org).Nov 19 2024, 5:38 PM

emaste added an edge: Restricted Differential Revision.Nov 19 2024, 9:18 PM

Changes (1)

Path

Size

usr.sbin/

bhyve/

pci_ahci.c

rG114ba4f2cdc7

View Options