Diffusion FreeBSD src repository 33b4e2361c82

libnv: verify that string is null terminated
33b4e2361c82
Actions

Description

libnv: verify that string is null terminated

During unpacking, we ensure that we do not read beyond the
declared size. However, unpack uses a function that copies
null-terminated strings. Prior to this commit, if the last string
was not null-terminated, it could result in copying data into a
buffer smaller than the allocated size.

Security: FreeBSD-24:09.libnv
Security: CVE-2024-45288
Security: CAP-03
Reported by: Synacktiv
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46138

(cherry picked from commit 3aaaca1b51ad844ef9e9b3d945217ab3dd189bae)
(cherry picked from commit 03bef9971d73621e1703a0bad41b598bc2fce9c6)

Approved by: so

Details

Provenance

oshogbo	Authored on Aug 26 2024, 6:20 PM
emaste	Committed on Wed, Sep 4, 8:28 PM

Differential Revision

Restricted Differential Revision

Parents

rGfd4ee5b9eabf: libnv: allocate buffer in a safe way

Branches

Unknown

Tags

Unknown

Event Timeline

emaste committed rG33b4e2361c82: libnv: verify that string is null terminated (authored by oshogbo).Wed, Sep 4, 8:28 PM

emaste added an edge: Restricted Differential Revision.

Changes (1)

Path

Size

sys/

contrib/

libnv/

bsd_nvpair.c

rG33b4e2361c82

View Options

sys/contrib/libnv/bsd_nvpair.c