Date: Mon, 7 Oct 2024 00:16:13 GMT
From: Mark Johnston <markj@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: fdd100a7150e - main - devctl: Add missing validation to DEV_RESET
Message-ID: <202410070016.4970GDe1080348@gitrepo.freebsd.org>
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=fdd100a7150e34d8d98cb38e701b3cb073208653 commit fdd100a7150e34d8d98cb38e701b3cb073208653 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2024-10-06 22:56:40 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2024-10-07 00:16:07 +0000 devctl: Add missing validation to DEV_RESET As in other ioctls which access the parent bus, we need to check for a NULL parent here. Otherwise it's possible to trigger a null pointer dereference by resetting the root device. Reported by: Elliott Mitchell <ehem+freebsd@m5p.com> Reviewed by: imp, kib Differential Revision: https://reviews.freebsd.org/D46965 --- sys/kern/subr_bus.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/kern/subr_bus.c b/sys/kern/subr_bus.c index 7fe46995ee54..d0c41b59dbb6 100644 --- a/sys/kern/subr_bus.c +++ b/sys/kern/subr_bus.c @@ -5859,6 +5859,10 @@ devctl2_ioctl(struct cdev *cdev, u_long cmd, caddr_t data, int fflag, error = EINVAL; break; } + if (device_get_parent(dev) == NULL) { + error = EINVAL; + break; + } error = BUS_RESET_CHILD(device_get_parent(dev), dev, req->dr_flags); break;
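Review bot: The new NULL-parent check in the DEV_RESET case of devctl2_ioctl() evaluates device_get_parent(dev) once for the test and then again as the first argument to BUS_RESET_CHILD(); reading the parent once into a local variable and using that local in both places would make the validated value and the value passed on identical by construction. Because the commit message notes that the same check already exists in other ioctls that access the parent bus, a short comment on the check naming the root device as the case it rejects, or a small shared helper, would make it harder to leave out of the next handler. A regression test that issues DEV_RESET against the root device and expects EINVAL would pin the fix.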