Date: Wed, 28 Mar 2018 23:21:15 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 227058] vxge(4): ioctl implementation reads directly from user memory Message-ID: <bug-227058-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D227058 Bug ID: 227058 Summary: vxge(4): ioctl implementation reads directly from user memory Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: brooks@FreeBSD.org Most of the access to ifr_data is wrong. This will work by accident some of the time, but will cause crashes in others. An example: vxge_ioctl_regs(vxge_dev_t *vdev, struct ifreq *ifr) { ... char *command =3D ifr->ifr_data; // ***** user pointer ***** ... switch (*command) { // ***** read from user pointer **= *** --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-227058-8>