freebsd-dev

History

Mark Johnston cb56711d68 Add a bounds check to the tws(4) passthrough ioctl handler. tws_passthru() was doing a copyin of a user-specified request without validating its length, so a malicious request could overrun the buffer. By default, the tws(4) device file is only accessible as root. admbug: 825 Reported by: Anonymous of the Shellphish Grill Team Reviewed by: delphij MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D18536		2019-01-05 15:28:20 +00:00
..
tws_cam.c	Remove support for versions prior to FreeBSD 7.0 from twa(4)	2018-11-13 23:53:24 +00:00
tws_hdm.c
tws_hdm.h
tws_services.c
tws_services.h	Remove support for versions prior to FreeBSD 7.0 from twa(4)	2018-11-13 23:53:24 +00:00
tws_user.c	Add a bounds check to the tws(4) passthrough ioctl handler.	2019-01-05 15:28:20 +00:00
tws_user.h
tws.c	Remove support for versions prior to FreeBSD 7.0 from twa(4)	2018-11-13 23:53:24 +00:00
tws.h