freebsd kernel with SKQ
cf099b5a5f
we decide to do a DNS lookup, we NUL terminate the key string provided by the client before passing it into the DNS lookup module. This is actually wrong. Assume the key is 'foo.com'. In this case, key.keydat_val will be "foo.com" and key.keydat_len will be 7 (seven characters; the string is not NUL-terminated so it is not 8 as you might expect). The string "foo.com" is actually allocated by the XDR routines when the RPC request is decoded; exactly 7 bytes are allocated. By adding a NUL, the string becomes "foo.com\0", but the '\0' goes into an 8th byte which was never allocated for this string and which could be anywhere. The result is that while the initial request may succeed, we could trash other dynamically allocated structures (like, oh, I dunno, the circular map cache queue?) and SEGV later. This is in fact what happens. The fix is to copy the string into a larger local buffer and NUL-terminate that buffer instead. Crash first reported by: Ricky Chan <ricky@come.net.uk> Bug finally located with: Electric Fence 2.0.5 |
||
|---|---|---|
| bin | ||
| contrib | ||
| crypto | ||
| eBones | ||
| etc | ||
| games | ||
| gnu | ||
| include | ||
| lib | ||
| libexec | ||
| lkm | ||
| release | ||
| sbin | ||
| secure | ||
| share | ||
| sys | ||
| tools | ||
| usr.bin | ||
| usr.sbin | ||
| COPYRIGHT | ||
| Makefile | ||
| README | ||
This is the top level of the FreeBSD source directory. This file was last revised on: $Id$ For copyright information, please see the file COPYRIGHT in this directory (additional copyright information also exists for some sources in this tree - please see the specific source directories for more information). The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree, the most commonly used one being ``world'', which rebuilds and installs everything in the FreeBSD system from the source tree except the kernel. Please see the top of the Makefile for more information on the standard build targets and compile-time flags. Building a kernel with config(8) is a somewhat more involved process, documentation for which can be found at: http://www.freebsd.org/handbook/kernelconfig.html And in the config(8) man page. The sample kernel configuration files reside in the sys/i386/conf sub-directory (assuming that you've installed the kernel sources), the file named GENERIC being the one used to build your initial installation kernel. The file LINT contains entries for all possible devices, not just those commonly used, and is meant more as a general reference than an actual kernel configuration file (a kernel built from it wouldn't even run). Source Roadmap: --------------- bin System/User commands. contrib Packages contributed by 3rd parties. eBones Kerberos package - NOT FOR EXPORT! etc Template files for /etc games Amusements. gnu Various commands and libraries under the GNU Public License. Please see gnu/COPYING* for more information. include System include files. lib System libraries. libexec System daemons. lkm Loadable Kernel Modules. release Release building Makefile & associated tools. sbin System commands. secure DES and DES-related utilities - NOT FOR EXPORT! share Shared resources. sys Kernel sources. tools Utilities for regression testing and miscellaneous tasks. usr.bin User commands. usr.sbin System administration commands. For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see: http://www.freebsd.org/handbook/synching.html