Date: Sun, 17 Mar 2002 23:20:04 -0800 (PST) From: David Greenman <dg@root.com> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/36038: sendfile(2) on smbfs fails, exposes kernel memory to userspace Message-ID: <200203180720.g2I7K4J75063@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/36038; it has been noted by GNATS. From: David Greenman <dg@root.com> To: "Tim J. Robbins" <tim@robbins.dropbear.id.au> Cc: FreeBSD-gnats-submit@FreeBSD.org Subject: Re: kern/36038: sendfile(2) on smbfs fails, exposes kernel memory to userspace Date: Sun, 17 Mar 2002 23:12:28 -0800 >sendfile(2) on a file on a smbfs mount usually fails with errno == EFAULT. >However, in certain situations it can accidentally leak what appears to >be random kernel memory. After a quick look at this, it appears that md_get_uio() (located in kern/sysbr_mchain.c) doesn't support UIO_NOCOPY, which sendfile() requires. This function (and it's children) appear to be only used by smbfs. -DG David Greenman Co-founder, The FreeBSD Project - http://www.freebsd.org President, TeraSolutions, Inc. - http://www.terasolutions.com President, Download Technologies, Inc. - http://www.downloadtech.com Pave the road of life with opportunities. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203180720.g2I7K4J75063>