FreeBSD src
John Baldwin ed9ffd2f09 Validate guest-supplied length of headers for TSO transmit requests.
When transmitting a large TCP packet, the final transmit descriptor
includes the length of the protocol headers to be duplicated on each
segment.  The device model was trusting the guest-supplied value
without validating it.  A value of zero would result in the guest
being able to indirect a garbage pointer on the stack to overwrite
arbitrary memory in the bhyve process.  A value that was non-zero but
too small for the requested parameters resulted in the device model
reading and writing values beyond the end of the on-stack buffer used
to hold the template header.

To fix, validate the supplied length and drop requests to transmit
packets that would overflow the header buffer.  While here, initialize
the header pointer to NULL as a preventive measure so that any access
to an unallocated template header crashes the hypervisor
deterministically.

While here, only read the TCP sequence number if the packet being
split is a TCP packet.  The e1000 logic supports a segmentation of UDP
frames, and while UDP segmentation requires this part of the header to
be valid (so there is no buffer overflow), only reading the field when
needed is cleaner.

admbugs:	918
Reported by:	Reno Robert <renorobert@gmail.com>
Reviewed by:	markj
Approved by:	so
Security:	CVE-2019-5609
2019-08-05 21:39:55 +00:00
bin Now that we have MK_LS_COLORS, we don't need RELEASE_CRUNCH check here. 2019-07-15 07:35:46 +00:00
cddl add forgotten opening bracket "(" 2019-07-31 21:21:34 +00:00
contrib as: add deprecation notice to the man page 2019-08-01 19:01:27 +00:00
crypto Complete LOCAL_PEERCRED support. Cache pid of the remote process in the 2019-05-30 14:24:26 +00:00
etc Add common firewall test suite 2019-08-05 11:47:34 +00:00
gnu as: add deprecation notice to the man page 2019-08-01 19:01:27 +00:00
include Add mkostempsat(3). 2019-07-29 19:02:16 +00:00
kerberos5 Fix generation of krb5-config with LC_CTYPE=*.UTF-8 2019-07-01 11:47:45 +00:00
lib Add an MLINK for daemonfd(3). 2019-08-01 18:51:18 +00:00
libexec [PPC64] Fix rtld direct exec mode 2019-08-05 13:22:02 +00:00
release motd: Generate from template to /var/run 2019-07-20 20:56:31 +00:00
rescue Remove unused defines since r147075 2019-07-12 04:44:50 +00:00
sbin Fix alignment issue r350599. 2019-08-05 19:30:28 +00:00
secure Merge OpenSSL 1.1.1c. 2019-05-28 21:54:12 +00:00
share Add a driver for Texas Instruments ADS101x/ADS111x i2c ADC chips. 2019-08-05 15:56:44 +00:00
stand [PPC64] Implement CAS 2019-07-31 20:31:36 +00:00
sys procdesc: fix the function name 2019-08-05 20:31:17 +00:00
targets Remove cap_random(3). 2019-07-24 22:50:43 +00:00
tests procdesc: fix reparenting when the debugger is attached 2019-08-05 20:15:46 +00:00
tools [PPC64] Don't mark ld.bfd as obsolete 2019-08-05 13:28:21 +00:00
usr.bin Add bzip2recover.1. 2019-08-02 22:09:56 +00:00
usr.sbin Validate guest-supplied length of headers for TSO transmit requests. 2019-08-05 21:39:55 +00:00
.arcconfig callsign isn't required anymore 2016-09-29 06:19:45 +00:00
.arclint arc lint: ignore /tests/ in chmod 2017-12-19 03:38:06 +00:00
.cirrus.yml cirrus.yml: stop fetching OVMF.fd now that we're using the pkg 2019-07-30 16:40:33 +00:00
.clang-format Add a basic clang-format configuration file 2019-06-07 15:23:52 +00:00
.gitattributes Add a basic clang-format configuration file 2019-06-07 15:23:52 +00:00
.gitignore Ignore _.universe-toolchain file. 2018-07-01 13:50:37 +00:00
COPYRIGHT Happy New Year 2019! 2019-01-01 00:25:25 +00:00
LOCKS LOCKS: update current locks 2018-06-09 03:08:04 +00:00
MAINTAINERS Update/reformat maintainer entries that I am a part of 2019-04-29 18:48:43 +00:00
Makefile pkgbase: Add the sub stage-packages targets to TGTS 2019-07-24 08:00:00 +00:00
Makefile.inc1 Add head(1) to native-xtools so that it can be used in qemu-user jails 2019-06-20 13:24:58 +00:00
Makefile.libcompat libsysdecode: use the proper include directory 2019-07-25 17:10:17 +00:00
Makefile.sys.inc AUTO_OBJ: For all top-level targets enforce using an OBJDIR. 2017-12-05 21:29:47 +00:00
ObsoleteFiles.inc Remove obsolete header file. 2019-08-05 06:01:29 +00:00
README Import OpenSSL 1.1.1c. 2019-05-28 20:08:17 +00:00
README.md README: add generic notes about GENERIC and NOTES 2018-06-17 19:44:24 +00:00
RELNOTES Add an entry for the copy_file_range(2) syscall. 2019-07-31 23:36:23 +00:00
UPDATING Re-wrap the text at 80 columns after fixing the indent in the prior commit. 2019-07-26 17:58:46 +00:00

FreeBSD Source:

This is the top level of the FreeBSD source directory. This file was last revised on: FreeBSD

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html, and https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html for more information, including setting make(1) variables.

Source Roadmap:

bin		System/user commands.

cddl		Various commands and libraries under the Common Development
		and Distribution License.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

stand		Boot loader sources.

sys		Kernel sources.

sys/<arch>/conf Kernel configuration files. GENERIC is the configuration
		used in release builds. NOTES contains documentation of
		all possible entries.

tests		Regression tests which can be run by Kyua.  See tests/README
		for additional information.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html