f8319aba7c
tws_passthru() was doing a copyin of a user-specified request without validating its length, so a malicious request could overrun the buffer. By default, the tws(4) device file is only accessible as root. admbug: 825 Reported by: Anonymous of the Shellphish Grill Team Reviewed by: delphij MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D18536