Date: Thu, 09 Feb 2017 13:49:12 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 216939] A buffer underflow in the ZFS implementation of vop_vptocnp VFS method
Message-ID: <bug-216939-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216939

    Bug ID: 216939
   Summary: A buffer underflow in the ZFS implementation of vop_vptocnp VFS method
   Product: Base System
   Version: 10.3-STABLE
  Hardware: Any
        OS: Any
    Status: New
  Severity: Affects Some People
  Priority: ---
 Component: kern
  Assignee: freebsd-bugs@FreeBSD.org
  Reporter: fbsd@any.com.ru

Created attachment 179795
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=179795&action=edit
This patch adds a check for remaining buffer space. ENOMEM will be returned
when the buffer is too small.

The ZFS implementation of the vop_vptocnp VFS method doesn't check for
remaining buffer space. So some memory before the beginning of the buffer may
be overwritten. Also, a negative buffer length may be returned.

This affects at least the kern___getcwd function on 64-bit platforms. The
buffer length in vn_fullpath1, used by kern___getcwd, is declared as unsigned
int, so a '/' char may be written far beyond the end of the buffer.

-- 
You are receiving this mail because:
You are the assignee for the bug.
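
The length arithmetic described in the report, as an added userland example that is not part of the original message, the attached patch or the FreeBSD source. The function names, the 8-byte buffer and the component strings are constructed for illustration, and the pre-decrement used to place the '/' is an assumed caller pattern modelled on the report's description.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical userland model of the copy the report describes: the name is
 * placed in front of the data at buf + *buflen and *buflen is lowered. */
static int
prepend_checked(char *buf, int *buflen, const char *name)
{
	size_t len = strlen(name);

	if (*buflen < 0 || (size_t)*buflen < len)
		return (ENOMEM);	/* too little room left: write nothing */
	*buflen -= (int)len;
	memcpy(buf + *buflen, name, len);
	return (0);
}

/* Remaining length when the same subtraction is done with no check.
 * Only the number is computed; no memory is touched. */
static int
unchecked_remaining(int buflen, const char *name)
{
	return (buflen - (int)strlen(name));
}

/* A negative remaining length stored in an unsigned int and then
 * pre-decremented to index the '/' separator (assumed caller pattern). */
static unsigned int
slash_index(int remaining)
{
	unsigned int ubuflen = (unsigned int)remaining;

	return (ubuflen - 1);
}

int
main(void)
{
	char buf[8];			/* constructed 8-byte path buffer */
	int buflen = (int)sizeof(buf);
	int rc = prepend_checked(buf, &buflen, "etc");

	printf("etc: rc=%d left=%d\n", rc, buflen);
	rc = prepend_checked(buf, &buflen, "longcomponent");
	printf("long: rc=%d left=%d\n", rc, buflen);
	int left = unchecked_remaining(buflen, "longcomponent");
	printf("unchecked: left=%d '/' index=%u\n", left, slash_index(left));
	return (0);
}
```

With the check in place the second call fails with ENOMEM and leaves the length at 5; without it the length becomes -8, which as an unsigned int index lands billions of bytes past an 8-byte buffer.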
