Date: Fri, 11 Nov 2022 01:25:29 +0000 From: bugzilla-noreply@freebsd.org To: virtualization@FreeBSD.org Subject: [Bug 264521] bhyve: pci_vtscsi_request_handle() can read beyond allocated heap object Message-ID: <bug-264521-27103-At4Afwb6bg@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-264521-27103@https.bugs.freebsd.org/bugzilla/> References: <bug-264521-27103@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D264521 --- Comment #5 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3Db37b564ecf0a2e079acbd1866337a5c6e= d739d73 commit b37b564ecf0a2e079acbd1866337a5c6ed739d73 Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2022-08-29 22:36:11 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2022-11-11 01:10:18 +0000 bhyve virtio-scsi: Avoid out of bounds accesses to guest requests. - Ignore I/O requests with insufficiently sized input or output buffers (those not containing compete request headers). - Ignore control requests with improperly sized buffers. - While here, explicitly zero the output header of an I/O request to avoid leaking malloc garbage from the host if the header is not fully populated. PR: 264521 Reported by: Robert Morris <rtm@lcs.mit.edu> Reviewed by: mav, emaste MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D36271 (cherry picked from commit bb31aee26bd13307d97c5d5bf2b10bf05bdc18fd) usr.sbin/bhyve/pci_virtio_scsi.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-264521-27103-At4Afwb6bg>