CVS commit: src/sys/compat/sys

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/compat/sys
From: "Maxime Villard" <maxv%netbsd.org@localhost>
Date: Sat, 27 Jun 2020 07:00:43 +0000

Module Name:    src
Committed By:   maxv
Date:           Sat Jun 27 07:00:43 UTC 2020

Modified Files:
        src/sys/compat/sys: mount.h

Log Message:
Yet another idiotic compat syscall that was developed with literally zero
test made. Simply invoking this syscall with _valid parameters_ triggers a
fatal fault, because the kernel tries to write to userland addresses.

With specially-crafted parameters it is easy to completely escalate
privileges into the kernel.

Also the size of the allocation is just obviously wrong, but it looks like
the callers are even more wrong, so not gonna fix it for now.

Reported-by: syzbot+b05096f3114b2820d81c%syzkaller.appspotmail.com@localhost


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/sys/compat/sys/mount.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src
Next by Date: CVS commit: src/sys/dev/usb
Previous by Thread: CVS commit: src
Next by Thread: CVS commit: src/sys/dev/usb
Indexes:

Home | Main Index | Thread Index | Old Index