f8319aba7c
tws_passthru() was doing a copyin of a user-specified request without validating its length, so a malicious request could overrun the buffer. By default, the tws(4) device file is only accessible as root. admbug: 825 Reported by: Anonymous of the Shellphish Grill Team Reviewed by: delphij MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D18536 |
||
---|---|---|
.. | ||
tws_cam.c | ||
tws_hdm.c | ||
tws_hdm.h | ||
tws_services.c | ||
tws_services.h | ||
tws_user.c | ||
tws_user.h | ||
tws.c | ||
tws.h |