Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: src/sys/external/bsd/libnv/dist



Module Name:    src
Committed By:   riastradh
Date:           Wed Sep  4 12:57:10 UTC 2024

Modified Files:
        src/sys/external/bsd/libnv/dist: nvpair.c

Log Message:
libnv: Check for NUL within bounds when unpacking string arrays.

This avoids buffer overrun in the subsequent nv_strdup, which can be
triggered by root at securelevel 1 via ioctl(IOC_NPF_*) on /dev/npf.

Matches upstream FreeBSD change by Mariusz Zaborski
<oshogbo%FreeBSD.org@localhost>.

CVE-2024-45288

PR security/58652: libnv: Integer overflow and buffer overrun
vulnerabilities


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/sys/external/bsd/libnv/dist/nvpair.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index