Date: Wed, 24 Aug 2016 08:09:57 -0400
From: Shawn Webb
To: "Landon J. Fuller"
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r304692 - head/sys/dev/bhnd/bhndb

On Tue, Aug 23, 2016 at 07:03:11PM +0000, Landon J. Fuller wrote:
> Author: landonf
> Date: Tue Aug 23 19:03:11 2016
> New Revision: 304692
> URL: https://svnweb.freebsd.org/changeset/base/304692
>
> Log:
>   bhndb(4): Fix unsigned integer underflow in dynamic register window
>   handling. This resulted in the window target being left uninitialized
>   when an underflow occurred.

Is this remotely exploitable? What are the ramifications of this bug?

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE