From owner-svn-src-head@freebsd.org Wed Aug 24 12:24:02 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 94F88BC39A3; Wed, 24 Aug 2016 12:24:02 +0000 (UTC) (envelope-from mizhka@gmail.com) Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2B06B1F4C; Wed, 24 Aug 2016 12:24:02 +0000 (UTC) (envelope-from mizhka@gmail.com) Received: by mail-wm0-x229.google.com with SMTP id i5so25125704wmg.0; Wed, 24 Aug 2016 05:24:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RmjDrqOCDACgxem7L5pN9kjf9urTGKDZYrdZPLpJHdc=; b=wot4ZsAvYVCFqo5ztLnrF23q6HMbyB58aduAjPZ8IrgnGKcx78OsUeuM7y/dbgboRF cpANIeqziZs32JgT9wsQ/8KHAH4E6H1uXCtNM6fuBYWHL6Q4+c30PFujPjEGSAb492Hy aoOgOzHDwtMm279UT/cFLlLgfszIBbl7qQKxZ9NWvDn+iSaVEa3WOJ4orVHFPlKtnyIw XZGZP6fIwMKL8aX4P/xXSFk7cSoUFM7Lb+L/tipWLjjsxmrsY3yS43W3AMdbfxDTwE09 ZTScNgt4XuSYLO9KoJE15guzMrNuKY6JQB5UAK+/oQnvdtnhRH/oJYm8BLax8qyqStY5 Qbeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RmjDrqOCDACgxem7L5pN9kjf9urTGKDZYrdZPLpJHdc=; b=DL+qKjRIu5pYyrkedlMWG3U+hmAIu1WhHG7bwWurdkOYAnVMpu8Nk0nrqnE1lXwUTX 21zhusPBK1nWVL1vPgLsWQDp5cDaN5sFii4XsZY8uD6yCghxQg2w1M+ly32H8LLqcIy6 ZJTlGJtG/vadhPNUO1wOnDhv5dHiD+a8OaijKoFtdXmmdEu6zo8l6+XxmLzfoY+2trWA vinkDUL+I19RXQF+ikgqzWtc6l4+/weHq54TwBuhrhmZFpjnStkgiopvI31eHRlDMksZ uRjdO+CW/kFaA0WZl8N1xfwOAlQO0IpI97A+5h/aF3e7zCh23buerf3BSSeDq+7xY59q BKkA== X-Gm-Message-State: AEkooutByYJDIpYcX+ZUFZ7GdiCru9xcsue9Akkp/ibnf+oPRDavSpVQMOa/6BJdN55sj5haEyXl3Pf+us6bZQ== X-Received: by 10.195.14.11 with SMTP id fc11mr2798489wjd.148.1472041440590; Wed, 24 Aug 2016 05:24:00 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.7.71 with HTTP; Wed, 24 Aug 2016 05:24:00 -0700 (PDT) In-Reply-To: <20160824120957.GA74786@mutt-hardenedbsd> References: <201608231903.u7NJ3Bjc019151@repo.freebsd.org> <20160824120957.GA74786@mutt-hardenedbsd> From: Michael Zhilin Date: Wed, 24 Aug 2016 15:24:00 +0300 Message-ID: Subject: Re: svn commit: r304692 - head/sys/dev/bhnd/bhndb To: Shawn Webb Cc: "Landon J. Fuller" , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Aug 2016 12:24:02 -0000 Hi, I doubt. bhndb is new bus driver (WIP) and nobody use it now. In future it will be used for BroadCom WiFi card (bwn) attached to PCI bus. Best regards, Michael On Wed, Aug 24, 2016 at 3:09 PM, Shawn Webb wrote: > On Tue, Aug 23, 2016 at 07:03:11PM +0000, Landon J. Fuller wrote: > > Author: landonf > > Date: Tue Aug 23 19:03:11 2016 > > New Revision: 304692 > > URL: https://svnweb.freebsd.org/changeset/base/304692 > > > > Log: > > bhndb(4): Fix unsigned integer underflow in dynamic register window > > handling. This resulted in the window target being left uninitialized > > when an underflow occured. > > Is this remotely exploitable? What are the ramifications of this bug? > > Thanks, > > -- > Shawn Webb > Cofounder and Security Engineer > HardenedBSD > > GPG Key ID: 0x6A84658F52456EEE > GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE >