fwcontrol: Allocate full fw_asyreq structures passed to the kernel

Description

fwcontrol: Allocate full fw_asyreq structures passed to the kernel

The FW_ASYREQ ioctl accepts a struct fw_asyreq object as its argument,
meaning that the kernel always copies in the full structure in
sys_ioctl before passing the request down to the driver. However,
fwcontrol was allocating smaller objects that contained only the
request header and a variable-sized payload. This means that the
kernel copy in sys_ioctl was reading off the end of this buffer. On
current architectures this happened to be ok, but it is UB.

Instead, allocate a full structure.

Reported by: GCC 14 -Walloc-size
Reviewed by: rlibby, brooks
Differential Revision: https://reviews.freebsd.org/D46014
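
The allocation mismatch the commit message describes, as an added example that is not fwcontrol's code and not part of the commit. `struct demo_asyreq`, its field layout and every function name here are hypothetical stand-ins, not the real `struct fw_asyreq`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an ioctl argument: request header + fixed payload area. */
struct demo_hdr { uint8_t speed; uint32_t type; uint16_t len; };
struct demo_asyreq {
    struct demo_hdr req;
    uint32_t data[512];
};

/* Models the kernel side: the copy-in length comes from the ioctl's declared
 * argument type, never from how much the caller actually allocated. */
static size_t copyin_len(void) { return sizeof(struct demo_asyreq); }

/* Under-sized pattern: room for the header and the payload in use only. */
static size_t short_alloc_size(size_t payload) {
    return sizeof(struct demo_hdr) + payload;
}

/* Bytes a fixed-size copy-in would read past the end of an allocation. */
static size_t overread(size_t alloc) {
    return alloc >= copyin_len() ? 0 : copyin_len() - alloc;
}

/* Full-size pattern: allocate the whole structure, then fill what is used.
 * Zeroing with calloc is a choice made for this example. */
static struct demo_asyreq *alloc_request(const void *payload, size_t len) {
    struct demo_asyreq *r;
    if (len > sizeof(r->data))
        return NULL;                 /* payload cannot fit the fixed area */
    if ((r = calloc(1, sizeof(*r))) == NULL)
        return NULL;
    r->req.len = (uint16_t)len;
    memcpy(r->data, payload, len);
    return r;
}

int main(void) {
    uint32_t quad[4] = { 1, 2, 3, 4 };   /* constructed sample payload */
    struct demo_asyreq *r = alloc_request(quad, sizeof(quad));
    printf("copy-in %zu, short alloc %zu, over-read %zu\n", copyin_len(),
        short_alloc_size(sizeof(quad)), overread(short_alloc_size(sizeof(quad))));
    printf("full alloc over-read %zu\n", overread(sizeof(*r)));
    free(r);
    return 0;
}
```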

Details

Provenance
jhb
Authored on Jul 19 2024, 5:08 PM
Reviewer
rlibby
Differential Revision
D46014: fwcontrol: Allocate full fw_asyreq structures passed to the kernel
Parents
rG2ba12978f674: ctld: Consistently use item count as the first argument to calloc