freebsd-skq/sys/dev/tws
Mark Johnston cb56711d68 Add a bounds check to the tws(4) passthrough ioctl handler.
tws_passthru() was doing a copyin of a user-specified request
without validating its length, so a malicious request could overrun
the buffer.  By default, the tws(4) device file is only accessible
as root.

admbug:		825
Reported by:	Anonymous of the Shellphish Grill Team
Reviewed by:	delphij
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18536
2019-01-05 15:28:20 +00:00
..
tws_cam.c Remove support for versions prior to FreeBSD 7.0 from twa(4) 2018-11-13 23:53:24 +00:00
tws_hdm.c
tws_hdm.h
tws_services.c
tws_services.h Remove support for versions prior to FreeBSD 7.0 from twa(4) 2018-11-13 23:53:24 +00:00
tws_user.c Add a bounds check to the tws(4) passthrough ioctl handler. 2019-01-05 15:28:20 +00:00
tws_user.h
tws.c Remove support for versions prior to FreeBSD 7.0 from twa(4) 2018-11-13 23:53:24 +00:00
tws.h