Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 20 May 2016 17:53:53 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-amd64@FreeBSD.org
Subject:   [Bug 209661] amd64_set_ioperm overflow
Message-ID:  <bug-209661-6-dm07fOSkSG@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-209661-6@https.bugs.freebsd.org/bugzilla/>
References:  <bug-209661-6@https.bugs.freebsd.org/bugzilla/>

next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D209661

--- Comment #2 from CTurt <cturt@hardenedbsd.org> ---
Sorry, I made a mistake in my report; the bound check is incorrect, as
described, however, no negative array index will occur from this since an
unsigned comparison is used in the loop. The impact is simply that `0` will=
 be
returned instead of `EINVAL`.

This patch is good because unsigned is more appropriate for `i`, however it
doesn't fix the bug.

An additional patch should be applied to validate user arguments more
effectively than the current bound check, so that the arguments I posted
originally will no longer be accepted.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-209661-6-dm07fOSkSG>