Date: Mon, 12 Jun 2000 21:14:22 +0200 (CEST) From: Marius Bendiksen <mbendiks@eunet.no> To: security@freebsd.org Cc: mbendiks@eunet.no Subject: msdosfs_vnops.c : msdosfs_rename() Message-ID: <Pine.BSF.4.05.10006122110530.703-100000@login-1.eunet.no>
next in thread | raw e-mail | index | archive | help
It would appear to me that, in the following section, there is the
potential for a malicious user to cause a system panic. Could anyone
confirm/disaffirm this?
if (fvp == NULL) {
/*
* From name has disappeared
*/
if (doingdirectory)
panic("rename: lost dir entry");
This is after rescanning the directory during a rename operation. Neither
the directory, nor the entry, is locked at this point, according to the
comments in the source.
---
Marius Bendiksen
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10006122110530.703-100000>