d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make sure buffers in if_bridge are fully initialized before copying

Browse Source 
them to userland.

Security:	FreeBSD-SA-06:06.kmem
This commit is contained in:
Colin Percival 2006-01-25 10:00:40 +00:00
parent df59a0fee7
commit 02d4ab93fb
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=154806
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/net/if_bridge.c
View File

@ -615,6 +615,7 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
break;
}
bzero(&args, sizeof args);
if (bc->bc_flags & BC_F_COPYIN) {
error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
if (error)
@ -1022,6 +1023,7 @@ bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
count = 0;
len = bifc->ifbic_len;
bzero(&breq, sizeof breq);
LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
if (len < sizeof(breq))
break;
@ -1075,6 +1077,7 @@ bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
return (0);
len = bac->ifbac_len;
bzero(&bareq, sizeof bareq);
LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
if (len < sizeof(bareq))
goto out;