HomeFreeBSD
Diffusion FreeBSD src repository 1a05c762b9c2

Fix the length calculation for the final block of a sendfile(2)
1a05c762b9c2
Actions

Description

Fix the length calculation for the final block of a sendfile(2)
transmission which could be tricked into rounding up to the nearest
page size, leaking up to a page of kernel memory. [13:11]

In IPv6 and NetATM, stop SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR
and SIOCSIFNETMASK at the socket layer rather than pass them on to the
link layer without validation or credential checks. [SA-13:12]

Prevent cross-mount hardlinks between different nullfs mounts of the
same underlying filesystem. [SA-13:13]

Security: CVE-2013-5666
Security: FreeBSD-SA-13:11.sendfile
Security: CVE-2013-5691
Security: FreeBSD-SA-13:12.ifioctl
Security: CVE-2013-5710
Security: FreeBSD-SA-13:13.nullfs
Approved by: re

Details

Provenance
desAuthored on Sep 10 2013, 10:05 AM
Parents
rG9dc29a3cf064: Only use a clang'ism if ${CC} is clang.
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (5)

PathSize
sys/
fs/
nullfs/
kern/
net/
netinet6/
netnatm/

rG1a05c762b9c2

View Options

sys/fs/nullfs/null_vnops.c

Loading...
View Options

sys/kern/uipc_syscalls.c

Loading...
View Options

sys/net/if.c

Loading...
View Options

sys/netinet6/in6.c

Loading...
View Options

sys/netnatm/natm.c

Loading...