d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f3f6e0ebe9
freebsd-dev/sys/dev/mpt
History
Ed Maste 8276c4149b mpr/mps/mpt: verify cfg page ioctl lengths 
*_CFG_PAGE ioctl handlers in the mpr, mps, and mpt drivers allocated a
buffer of a caller-specified size, but copied to it a fixed size header.
Add checks that the size is at least the required minimum.

Note that the device nodes are owned by root:operator with 0640
permissions so the ioctls are not available to unprivileged users.

This change includes suggestions from scottl, markj and mav.

Two of the mpt cases were reported by Lucas Leong (@_wmliang_) of
Trend Micro Zero Day Initiative; scottl reported the third case in mpt.
Same issue found in mpr and mps after discussion with imp.

Reported by:	Lucas Leong (@_wmliang_), Trend Micro Zero Day Initiative
Reviewed by:	imp, mav
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34692
2022-03-28 20:35:47 -04:00
..
mpilib mpt: clean up empty lines in .c and .h files 2020-09-01 22:06:41 +00:00
mpt_cam.c mpt: clear CCBs allocated on the stack 2021-05-21 07:59:02 +01:00
mpt_cam.h
mpt_debug.c mpt: clean up empty lines in .c and .h files 2020-09-01 22:06:41 +00:00
mpt_pci.c
mpt_raid.c Mark some sysctls as CTLFLAG_MPSAFE. 2021-08-10 20:44:27 -04:00
mpt_raid.h
mpt_reg.h
mpt_user.c mpr/mps/mpt: verify cfg page ioctl lengths 2022-03-28 20:35:47 -04:00
mpt.c Make MAXPHYS tunable. Bump MAXPHYS to 1M. 2020-11-28 12:12:51 +00:00
mpt.h Make MAXPHYS tunable. Bump MAXPHYS to 1M. 2020-11-28 12:12:51 +00:00