Date: Thu, 14 May 2009 10:54:57 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/kern kern_sysctl.c Message-ID: <200905141055.n4EAtClE088208@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
kib 2009-05-14 10:54:57 UTC
FreeBSD src repository
Modified files:
sys/kern kern_sysctl.c
Log:
SVN rev 192094 on 2009-05-14 10:54:57Z by kib
Do not advance req->oldidx when sysctl_old_user returning an
error due to copyout failure or short buffer.
The later breaks the usermode iterators of the sysctl results that pack
arbitrary number of variable-sized structures. Iterator expects that
kernel filled exactly oldlen bytes, and tries to interpret half-filled
or garbage structure at the end of the buffer. In particular,
kinfo_getfile(3) segfaulted.
Reported and tested by: pho
MFC after: 3 weeks
Revision Changes Path
1.192 +5 -3 src/sys/kern/kern_sysctl.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905141055.n4EAtClE088208>