Diffusion FreeBSD src repository 653a437c0444

accept_filter: Fix filter parameter handling
653a437c0444
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

accept_filter: Fix filter parameter handling

For filters which implement accf_create, the setsockopt(2) handler
caches the filter name in the socket, but it also incorrectly frees the
buffer containing the copy, leaving a dangling pointer. Note that no
accept filters provided in the base system are susceptible to this, as
they don't implement accf_create.

Reported by: Alexey Kulaev <alex.qart@gmail.com>
Discussed with: emaste
Security: kernel use-after-free
MFC after: 3 days
Sponsored by: The FreeBSD Foundation

Details

Provenance

Authored on Mar 25 2021, 9:55 PM

Parents

rG15f335556783: cxgbe(4): Allow a T6 adapter to switch between TOE and NIC TLS mode.

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rG653a437c0444: accept_filter: Fix filter parameter handling (authored by markj).Mar 25 2021, 9:55 PM

markj mentioned this in rG6008a5fad3c1: accept_filter: Fix filter parameter handling.Mar 28 2021, 12:25 AM

markj mentioned this in rGc7d10e7ec872: accept_filter: Fix filter parameter handling.

markj mentioned this in rGaf6611e5adc6: accept_filter: Fix filter parameter handling.Mar 28 2021, 3:04 PM

markj mentioned this in rG49f3ea024bc1: accept_filter: Fix filter parameter handling.Apr 6 2021, 7:21 PM

Changes (1)

Path

Size

sys/

kern/

rG653a437c0444

sys/kern/uipc_accf.c

Loading...