CVS commit: src/sys

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys
From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
Date: Thu, 7 Jul 2022 18:17:33 +0000

Module Name:    src
Committed By:   riastradh
Date:           Thu Jul  7 18:17:33 UTC 2022

Modified Files:
        src/sys/compat/common: uipc_syscalls_40.c
        src/sys/net: if.c

Log Message:
ifioctl(9): Don't touch ifconf or ifreq until command is validated.

sys_ioctl validates the data pointer according to the command's size
and direction.  But userland may ioctl commands other than
OSIOCGIFCONF or OOSIOCGIFCONF -- and if userland passes an IOC_VOID
command, the argument is passed through verbatim and may be null.

Reported-by: syzbot+19b1bf83e5481273eafc%syzkaller.appspotmail.com@localhost
https://syzkaller.appspot.com/bug?id=f4c91a7dcd31901c80d91af6ed01456faf0a7286

Reported-by: syzbot+442c033feb784d055185%syzkaller.appspotmail.com@localhost
https://syzkaller.appspot.com/bug?id=4a3a4b92dbe9695046ff17a5474cef52aed23e0b

Reported-by: syzbot+4c87d0cdf7025741ea7a%syzkaller.appspotmail.com@localhost
https://syzkaller.appspot.com/bug?id=3e5f42c998e43ad42da40dec3c7873e6aae187e4


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/sys/compat/common/uipc_syscalls_40.c
cvs rdiff -u -r1.505 -r1.506 src/sys/net/if.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/tests/usr.bin/xlint/lint1
Next by Date: CVS commit: src/share/man/man9
Previous by Thread: CVS commit: src/tests/usr.bin/xlint/lint1
Next by Thread: CVS commit: src/share/man/man9
Indexes:

Home | Main Index | Thread Index | Old Index