Mark Johnston de828a91db mpr, mps: Fix a stack buffer overflow in the user passthru ioctl ... Previously we copied in the request into a stack-allocated structure that could be smaller than the request size. Furthermore, we checked the request size only after doing the copyin. Fix this by allocating a buffer to hold the request, then copying the buffer's contents into a command descriptor. This is a bit heavy-handed but I expect the overhead will not be noticeable. The approach of coping the header in first is susceptible to TOCTOU problems. Reviewed by: imp Reported by: maxpl0it@protonmail.com MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D27963		2021-01-08 13:32:04 -05:00
..
mpi	mpr: clean up empty lines in .c and .h files	2020-09-01 22:07:12 +00:00
mpr_config.c	mpr: clean up empty lines in .c and .h files	2020-09-01 22:07:12 +00:00
mpr_ioctl.h	mpr: clean up empty lines in .c and .h files	2020-09-01 22:07:12 +00:00
mpr_mapping.c	mpr: clean up empty lines in .c and .h files	2020-09-01 22:07:12 +00:00
mpr_mapping.h	Update copyright information	2018-12-26 10:43:31 +00:00
mpr_pci.c	Refine the busdma template interface. Provide tools for filling in fields	2020-09-14 05:58:12 +00:00
mpr_sas_lsi.c	mpr: clean up empty lines in .c and .h files	2020-09-01 22:07:12 +00:00
mpr_sas.c	Introduce support of SCSI Command Priority.	2020-10-25 19:34:02 +00:00
mpr_sas.h	Before issing the REMOVE_DEVICE command to the firmware, make sure that all	2020-02-25 04:27:23 +00:00
mpr_table.c	mpr: clean up empty lines in .c and .h files	2020-09-01 22:07:12 +00:00
mpr_table.h	Convert some in-line printing of diagnostic into tables.	2017-09-09 22:02:36 +00:00
mpr_user.c	mpr, mps: Fix a stack buffer overflow in the user passthru ioctl	2021-01-08 13:32:04 -05:00
mpr.c	Make MAXPHYS tunable. Bump MAXPHYS to 1M.	2020-11-28 12:12:51 +00:00
mprvar.h	mpr: clean up empty lines in .c and .h files	2020-09-01 22:07:12 +00:00