Diffusion FreeBSD src repository 71fa171c6480

bhyve: Initialize stack buffer in pci_ahci
71fa171c6480
Actions

Description

bhyve: Initialize stack buffer in pci_ahci

In the function ahci_handle_dsm_trim, if the call to read_prdt fails,
the variable buf[512] is used while it contains uninitialized data.

It is easy to make the call to read_prdt fail, for instance if
hdr->prdtl == NULL, the function will return without writing anything in
buf.

In addition, this code could be hardened by checking the value of done
before accessing &buf[done].

Reported by: Synacktiv
Reviewed by: markj
Security: HYP-15
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46090

Details

Provenance

khorben_defora.org	Authored on Jul 23 2024, 2:34 PM
emaste	Committed on Sep 26 2024, 6:06 PM

Reviewer

markj

Differential Revision

Restricted Differential Revision

Parents

rGa3d5dec42007: release(7): fix the spelling of git.FreeBSD.org

Branches

Unknown

Tags

Unknown

Event Timeline

emaste committed rG71fa171c6480: bhyve: Initialize stack buffer in pci_ahci (authored by khorben_defora.org).Sep 26 2024, 6:06 PM

emaste added an edge: Restricted Differential Revision.Sep 26 2024, 8:38 PM

jhb mentioned this in D47224: bhyve ahci: Improve robustness of TRIM handling.Mon, Oct 21, 4:09 PM

jhb mentioned this in rG8c8ebbb04518: bhyve ahci: Improve robustness of TRIM handling.Thu, Oct 24, 2:18 PM

emaste mentioned this in rGbabfd2e46762: bhyve: Initialize stack buffer in pci_ahci.Tue, Oct 29, 7:31 PM

emaste mentioned this in rG3981cf108773: bhyve ahci: Improve robustness of TRIM handling.

Changes (1)

Path

Size

usr.sbin/

bhyve/

pci_ahci.c

rG71fa171c6480

View Options