freebsd-skq/sys
Mark Johnston de828a91db mpr, mps: Fix a stack buffer overflow in the user passthru ioctl
Previously we copied in the request into a stack-allocated structure
that could be smaller than the request size.  Furthermore, we checked
the request size only after doing the copyin.

Fix this by allocating a buffer to hold the request, then copying the
buffer's contents into a command descriptor.  This is a bit heavy-handed
but I expect the overhead will not be noticeable.  The approach of
copying the header in first is susceptible to TOCTOU problems.

Reviewed by:	imp
Reported by:	maxpl0it@protonmail.com
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D27963
2021-01-08 13:32:04 -05:00
..
amd64 pccard: Remove wi(4) driver 2021-01-07 20:41:06 -07:00
arm Factor-out hardware-independent part of USB HID support to new module 2021-01-08 02:18:42 +03:00
arm64 hid: Import functions and constants required by new subsystem 2021-01-08 02:18:42 +03:00
bsm Add aio_writev and aio_readv 2021-01-02 19:57:58 -07:00
cam cam: Remove Giant handling from cam_sim_alloc() 2021-01-03 11:50:31 -05:00
cddl Install dtrace.h and dependencies 2021-01-07 09:26:21 +00:00
compat Regenerate syscall files after reallocation of aio_writev/aio_readv 2021-01-07 19:50:32 -07:00
conf pccard: Remove wi(4) driver 2021-01-07 20:41:06 -07:00
contrib Fix memory leaks in error paths in krping. 2021-01-08 12:35:55 +01:00
crypto armv8crypto: add AES-XTS support 2021-01-07 15:35:20 -04:00
ddb ddb: Display process flags (p_flag and p_flag2) in 'show proc'. 2020-12-31 16:01:52 -08:00
dev mpr, mps: Fix a stack buffer overflow in the user passthru ioctl 2021-01-08 13:32:04 -05:00
dts Brand our DTS with the Linux version it was imported from 2020-10-10 07:18:51 +00:00
fs Fix vnode locking bug in fuse_vnop_copy_file_range 2021-01-03 11:16:20 -07:00
gdb gdb(4): allow bulk write of registers 2020-12-23 14:37:05 -04:00
geom geom(4): make g_newprovider_event() return if G_P_WITHER is set 2020-12-29 14:29:59 +00:00
gnu ARM64: Port FreeBSD to Nvidia Jetson TX1 and Nano. 2020-12-28 14:12:41 +01:00
i386 pccard: Remove wi(4) driver 2021-01-07 20:41:06 -07:00
isa
kern cache: just assign ni_resflags = NIRES_ABS 2021-01-08 13:57:10 +00:00
kgssapi State kgssapi dependency on xdr. 2020-09-17 22:29:38 +00:00
libkern libkern/strcasestr.c: Drop xlocale support and connect to build. 2021-01-08 02:18:42 +03:00
mips hid: Import functions and constants required by new subsystem 2021-01-08 02:18:42 +03:00
modules pccard: Remove wi(4) driver 2021-01-07 20:41:06 -07:00
net iflib: ensure that tx interrupts enabled and cleanups 2021-01-07 14:07:35 -08:00
net80211 net80211: fix a typo 2020-11-04 12:07:33 +00:00
netgraph pccard: Remove bt3c(4) driver 2021-01-07 20:40:41 -07:00
netinet igmp: Avoid leaking mbuf when source validation fails 2021-01-08 13:32:04 -05:00
netinet6 Refactor rt_addrmsg() and rt_routemsg(). 2021-01-07 19:38:19 +00:00
netipsec Trigger soft lifetime expiration on sequence number 2020-10-16 11:27:01 +00:00
netpfil pf: Copy kif flags to userspace 2021-01-07 22:26:05 +01:00
netsmb net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
nfs nfs: clean up empty lines in .c and .h files 2020-09-01 21:25:39 +00:00
nfsclient nfs: clean up empty lines in .c and .h files 2020-09-01 21:25:39 +00:00
nfsserver nfs: Mark unused statistics variable as reserved 2020-11-18 04:35:49 +00:00
nlm nlm: clean up empty lines in .c and .h files 2020-09-01 22:14:52 +00:00
ofed Update user access region, UAR, APIs in the core in mlx5core. 2021-01-08 13:33:46 +01:00
opencrypto Remove the cloned file descriptors for /dev/crypto. 2020-11-25 00:10:54 +00:00
powerpc hid: Import functions and constants required by new subsystem 2021-01-08 02:18:42 +03:00
riscv Skip the vm.pmap.kernel_maps sysctl by default. 2020-12-18 20:41:23 +00:00
rpc Add a new "tlscertname" NFS mount option. 2020-12-23 13:42:55 -08:00
security mac: cheaper check for mac_vnode_check_readlink 2021-01-08 13:57:10 +00:00
sys efidev: remove EFIIOC_GET_TABLE ioctl 2021-01-08 10:41:50 -06:00
teken loader: implement framebuffer console 2021-01-02 21:41:36 +02:00
tests Add small tool to invoke kernel test framework tests. 2020-09-02 09:20:40 +00:00
tools sys/tools: Add a tool for generating arm and arm64 kernel images. 2020-12-30 13:22:04 +01:00
ufs ffs: Support O_DSYNC. 2021-01-08 13:15:56 +13:00
vm uma: Avoid unmapping direct-mapped slabs 2021-01-03 11:50:31 -05:00
x86 x86: stop punishing VMs with low priority for TSC timecounter 2020-12-23 12:45:15 +02:00
xdr xdr: clean up empty lines in .c and .h files 2020-09-01 22:13:28 +00:00
xen xen: allow limiting the amount of duplicated pending xenstore watches 2020-12-30 11:18:26 +01:00
Makefile