freebsd-dev/sys
Michael Tuexen a85b7f125b Improve the input validation for l_linger.
When using the SOL_SOCKET level socket option SO_LINGER, the structure
struct linger is used as the option value. The component l_linger is of
type int, but internally copied to the field so_linger of the structure
struct socket. The type of so_linger is short, but it is assumed to be
non-negative and the value is used to compute ticks to be stored in a
variable of type int.

Therefore, perform input validation on l_linger similar to the one
performed by NetBSD and OpenBSD.

Thanks to syzkaller for making me aware of this issue.

Thanks to markj@ for pointing out that a similar check should be added
to so_linger_set().

Reviewed by:		markj@
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D20948
2019-07-14 21:44:18 +00:00
amd64 Fix syntax. 2019-07-12 19:14:52 +00:00
arm Provide protection against starvation of the ll/sc loops when accessing userspace. 2019-07-12 18:43:24 +00:00
arm64 Revert r349442, which was a workaround for bus errors caused by an errant 2019-07-13 16:32:19 +00:00
bsm
cam Remove the CDIOCREADSUBCHANNEL_SYSSPACE ioctl. 2019-07-03 00:10:01 +00:00
cddl Merge the vm_page hold and wire mechanisms. 2019-07-08 19:46:20 +00:00
compat linuxcommon: add module version 2019-07-10 13:47:10 +00:00
conf Put USB ACPI code into own module, uacpi.ko. 2019-07-08 20:53:25 +00:00
contrib Calculate the offset of the interface name using FR_NAME rather than 2019-07-14 02:46:34 +00:00
crypto
ddb ddb show proc typo 2019-06-22 05:35:23 +00:00
dev netmap: fix bug introduced by r349752 2019-07-13 08:08:25 +00:00
dts
fs Add additional check for 'blocks per group' and 'fragments per group' superblock fields. 2019-07-07 08:58:02 +00:00
gdb
geom g_mirror_taste: avoid deadlock, always clear tasting flag 2019-07-01 22:06:36 +00:00
gnu
i386 Remove a stale comment. 2019-07-13 15:53:28 +00:00
isa
kern Improve the input validation for l_linger. 2019-07-14 21:44:18 +00:00
kgssapi
libkern Separate kernel crc32() implementation to its own header (gsb_crc32.h) and 2019-06-17 19:49:08 +00:00
mips Provide protection against starvation of the ll/sc loops when accessing userspace. 2019-07-12 18:43:24 +00:00
modules This commit updates rack to what is basically being used at NF as 2019-07-10 20:40:39 +00:00
net Fix a typo in r349969 2019-07-14 03:49:48 +00:00
net80211
netgraph
netinet This is the second in a number of patches needed to 2019-07-14 16:05:47 +00:00
netinet6 When calling sctp_initialize_auth_params(), the inp must have at 2019-07-14 12:04:39 +00:00
netipsec netipsec key_register: check for M_NOWAIT alloc failure 2019-06-25 15:43:52 +00:00
netpfil Do not modify cmd pointer if it is already last opcode in the rule. 2019-07-12 09:59:21 +00:00
netsmb
nfs
nfsclient
nfsserver
nlm
ofed
opencrypto
powerpc powerpc64/pmap: No need for moea64_pvo_remove_from_page_locked() wrapper 2019-07-13 03:39:46 +00:00
riscv Provide protection against starvation of the ll/sc loops when accessing userspace. 2019-07-12 18:43:24 +00:00
rpc
security
sparc64 Provide protection against starvation of the ll/sc loops when accessing userspace. 2019-07-12 18:43:24 +00:00
sys Add arm_sync_icache() and arm_drain_writebuf() sysarch syscall wrappers. 2019-07-13 15:34:29 +00:00
teken
tests
tools
ufs Add a new "untrusted" option to the mount command. Its purpose 2019-07-01 23:22:26 +00:00
vm Merge the vm_page hold and wire mechanisms. 2019-07-08 19:46:20 +00:00
x86 PR: 239143 2019-07-14 21:08:54 +00:00
xdr
xen
Makefile