freebsd-skq/usr.sbin
John Baldwin ed9ffd2f09 Validate guest-supplied length of headers for TSO transmit requests.
When transmitting a large TCP packet, the final transmit descriptor
includes the length of the protocol headers to be duplicated on each
segment.  The device model was trusting the guest-supplied value
without validating it.  A value of zero would result in the guest
being able to indirect a garbage pointer on the stack to overwrite
arbitrary memory in the bhyve process.  A value that was non-zero but
too small for the requested parameters resulted in the device model
reading and writing values beyond the end of the on-stack buffer used
to hold the template header.

To fix, validate the supplied length and drop requests to transmit
packets that would overflow the header buffer.  While here, initialize
the header pointer to NULL as a preventive measure so that any access
to an unallocated template header crashes the hypervisor
deterministically.

While here, only read the TCP sequence number if the packet being
split is a TCP packet.  The e1000 logic supports a segmentation of UDP
frames, and while UDP segmentation requires this part of the header to
be valid (so there is no buffer overflow), only reading the field when
needed is cleaner.

admbugs:	918
Reported by:	Reno Robert <renorobert@gmail.com>
Reviewed by:	markj
Approved by:	so
Security:	CVE-2019-5609
2019-08-05 21:39:55 +00:00
..
ac various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
accton General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
acpi Merge ACPICA 20190329. 2019-03-29 20:21:28 +00:00
adduser various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
amd Convert amd newvers to using newvers.sh -v. 2019-05-23 17:18:56 +00:00
ancontrol spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
apm DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
apmd Move apmd.conf to CONFS in usr.sbin/apmd which simplifies this nicely. 2018-07-26 16:51:23 +00:00
arp Remove infrastructure for token-ring networks. 2018-03-28 23:33:26 +00:00
audit DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
auditd Move OpenBSM to CONFS 2018-08-11 13:23:09 +00:00
auditdistd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
auditreduce DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
authpf DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
autofs Fix segfault that could occur on "automount -LL". 2019-04-10 16:09:06 +00:00
bhyve Validate guest-supplied length of headers for TSO transmit requests. 2019-08-05 21:39:55 +00:00
bhyvectl style(9) remove unnecessary blank tabs. 2018-06-13 03:35:24 +00:00
bhyveload usr.sbin/bhyveload: don't leak an fd if a device can't be opened 2019-07-12 18:38:18 +00:00
binmiscctl Improve the binmiscctl manual page 2018-07-20 22:50:21 +00:00
blacklistctl DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
blacklistd Move blacklistd.conf to usr.sbin/blacklistd/ 2018-07-31 16:39:38 +00:00
bluetooth pkgbase: Add a FreeBSD-bluetooth package 2019-07-19 15:10:03 +00:00
boot0cfg Add a “skip_dsn” option to g_part's bootcode verb to prevent g_part_mbr 2018-11-27 14:58:19 +00:00
bootparamd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
bsdconfig Remove iBCS2, part1: userspace 2018-12-19 21:56:54 +00:00
bsdinstall bsdinstall: up the interface before calling dhclient 2019-04-25 16:47:15 +00:00
bsnmpd No need for each bsnmpd(1) module to open connection to syslog 2019-06-21 07:45:58 +00:00
btxld Explicitly ignore return value from remove. We wouldn't do anything 2017-12-28 05:33:19 +00:00
camdd Fix uninitialized variable in camdd 2019-06-09 02:06:31 +00:00
cdcontrol DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
chkgrp various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
chown Handle overflow of uid or gid in arguments for chown 2018-09-26 18:40:57 +00:00
chroot chroot.8: Add examples & clean up 2019-03-14 14:34:36 +00:00
ckdist various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
clear_locks various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
config config: Only warn if duplicate option/device comes from the same file 2019-04-16 20:08:19 +00:00
cpucontrol cpucontrol: check for the supposed firmware file type and skip 2019-01-11 08:35:49 +00:00
crashinfo Support compressed crash dumps in crashinfo(8). 2018-07-23 18:08:56 +00:00
cron cron(8): schedule interval jobs that get loaded during execution 2019-04-20 02:54:20 +00:00
crunch Remove obsolete RELEASE_CRUNCH 2019-07-19 20:04:21 +00:00
ctladm Add device temperature reporting into CTL. 2019-07-26 03:49:16 +00:00
ctld iscsi: simplify the capsicumization 2018-11-30 19:40:16 +00:00
cxgbetool cxgbetool(8): Add a subaction (tcbrss <n>) that can be used with "pass" 2018-10-27 05:26:09 +00:00
daemon daemon(8): Don't block SIGTERM during restart delay 2019-06-04 16:07:01 +00:00
dconschat spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
devctl Fix gcc warning about shadowed global. 2019-04-05 20:12:19 +00:00
devinfo devinfo_init() returns an errno, but doesn't set errno, so the error 2018-05-30 15:08:59 +00:00
diskinfo Sanity check media size and sector counts to ensure that we don't 2018-01-06 12:34:03 +00:00
dumpcis Remove All Rights Reserved 2019-02-05 21:37:34 +00:00
editmap DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
edquota General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
eeprom various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
efibootmgr efibootmgr: Do not add the new boot entry if dry-run is specified 2019-05-10 16:44:35 +00:00
efidp Regularize the Netflix copyright 2019-02-04 21:28:25 +00:00
efivar Document the efivar --load-option option 2019-03-07 00:01:28 +00:00
etcupdate Move back group, master.passwd and shells to etc directory 2019-05-23 18:37:05 +00:00
extattr various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
extattrctl various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
fdcontrol Tag 'a' case as one we're intentionally falling through to 2018-01-05 07:28:48 +00:00
fdformat fdformat is a sysadmin command and thus its man page should be in 2017-12-05 05:02:46 +00:00
fdread various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
fdwrite SPDX: use the Beerware identifier. 2017-11-30 20:33:45 +00:00
fifolog various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
flowctl various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
fmtree DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
freebsd-update freebsd-update: restore old exit code when no updates are available locally 2019-03-12 08:31:43 +00:00
fstyp Drop "All rights reserved" from the files I own 2019-03-11 22:23:56 +00:00
ftp-proxy DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
fwcontrol Don't close fd twice. This line should have been deleted in r327279. 2018-01-05 05:34:20 +00:00
getfmac various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
getpmac various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
gpioctl gpioctl.8: Fix man page section 2018-06-06 18:52:33 +00:00
gssd * Handle SIGPIPE in gssd 2019-02-21 01:30:37 +00:00
gstat - Add CSV output to gstat via -C flag. 2018-08-21 11:22:49 +00:00
hyperv DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
i2c Add a new 'tr' (transfer) mode to i2c(8) to support more i2c controllers. 2019-05-22 21:06:10 +00:00
ifmcstat bits is never null when we call it. Add an assert to that effect and 2018-01-05 07:28:58 +00:00
inetd Remove all the RELEASE_CRUNCH instances that partially disable IPSEC 2019-07-15 14:19:39 +00:00
iostat In iostat(8) output, skip the decimal point and the fractional part 2019-06-16 17:32:05 +00:00
iovctl DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
ip6addrctl General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
ipfwpcap Buildfix for GCC after r334277. 2018-05-28 09:41:44 +00:00
iscsid iscsi: simplify the capsicumization 2018-11-30 19:40:16 +00:00
jail Change ed(4), ep(4), and fxp(4) examples to em(4). 2019-05-18 21:01:36 +00:00
jexec various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
jls various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kbdcontrol kbdcontrol -h prints two error messages. 2019-06-24 21:05:14 +00:00
kbdmap Silence a CI warning regarding the use of strcpy(). 2019-01-22 13:11:15 +00:00
keyserv DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
kgmon Free zbuf when kflag is true too. 2017-12-28 05:34:04 +00:00
kldxref kldxref(8): Sort MDT_MODULE info first in linker.hints output 2019-05-27 17:33:20 +00:00
lastlogin A single comma was missing to separate the "see also" items in 2018-10-20 17:22:04 +00:00
lpr Fix clang -Wcast-qual issues 2019-05-04 02:09:30 +00:00
lptcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mailstats DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
mailwrapper Revert r326844 2018-01-02 16:50:57 +00:00
makefs makefs: Fix "time" mtree attribute handling 2019-03-18 19:26:36 +00:00
makemap DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
manctl spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
memcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mergemaster Move back group, master.passwd and shells to etc directory 2019-05-23 18:37:05 +00:00
mfiutil Make mfiutil show progress print out the elapsed time estimate in a 2018-10-13 02:21:23 +00:00
mixer DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
mld6query Remove the USE_RFC2292BIS option and reap dead code 2019-07-22 20:11:33 +00:00
mlx5tool Ensure that only one command is specified at a time in mlx5tool(8). 2019-05-08 11:05:30 +00:00
mlxcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mount_smbfs DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
mountd Fix strsep_quote() on strings without quotes. 2019-06-25 17:00:53 +00:00
moused Remove mse(4) from tree 2018-10-22 02:34:10 +00:00
mpsutil Pass data pointers to the driver in the way it expects. 2019-05-30 15:07:39 +00:00
mptable various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mptutil mptutil: emit a warning on big-endian architectures 2019-07-22 17:25:35 +00:00
mtest mtest: build with WARNS=3 2018-05-19 20:57:22 +00:00
ndiscvt ndiscvt(8): abort if no IDs were found during conversion. 2019-01-30 12:32:47 +00:00
ndp Update the "flag" for draft-ietf-6man-ipv6only-flag. 2018-11-03 18:03:24 +00:00
newsyslog Fix several Coverity-detected issues in newsyslog. 2019-02-22 15:31:50 +00:00
nfscbd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nfsd nfsd.8: Fix mandoc -Tlint and igor warnings 2019-05-09 19:03:52 +00:00
nfsdumpstate Add #ifdef INET6 around declaration of nbuf. 2019-04-28 22:37:59 +00:00
nfsrevoke DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nfsuserd Delete the BUGS entry related to failing when jails are enabled. 2019-04-06 22:14:03 +00:00
ngctl Replace complicated expression to disable libedit when no libthr is being built 2019-07-15 14:23:51 +00:00
nghook DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nmtree DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nologin DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nscd Workaround for nscd(8) failure with large entries. 2019-01-17 20:01:06 +00:00
ntp MK_OPENSSL makes RELEASE_CRUNCH redundant here 2019-07-15 07:39:28 +00:00
nvram
ofwdump DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
pc-sysinstall share and pc-sysinstall: adoption of SPDX licensing ID tags. 2017-11-27 15:28:26 +00:00
pciconf pciconf: report PCI Gen4 speeds 2019-07-23 16:28:17 +00:00
periodic Eliminate spurious periodic.daily error message for rotating accounting log. 2019-07-07 17:15:45 +00:00
pkg Keep two versions of the FreeBSD.conf pkg configuration file; one which 2019-04-24 06:25:21 +00:00
pmc pmc: Fix stack std::string lifetime 2019-05-22 01:22:33 +00:00
pmcannotate Teach pmcannotate about $TMPDIR and _PATH_TMP 2018-05-18 14:14:04 +00:00
pmccontrol restore pmccontrol -L behavior on x86 2018-09-24 19:06:09 +00:00
pmcstat Regularize the Netflix copyright 2019-02-04 21:28:25 +00:00
pmcstudy Regularize the Netflix copyright 2019-02-04 21:28:25 +00:00
pnfsdscopymr Fix the err() arguments for a nfssvc(8) failure. 2018-08-08 20:30:12 +00:00
pnfsdsfile Document the new "-m" command line option for pnfsdsfile(8). 2018-07-01 17:51:52 +00:00
pnfsdskill Document the "-f" option added to pnfsdskill(8) by r336176. 2018-07-10 18:44:44 +00:00
pnpinfo DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
portsnap Remove INDEX-10 reference, as 10.x is now EoL. 2019-04-16 14:07:14 +00:00
powerd powerd(8): allow to force a method of battery state query 2019-01-06 02:39:03 +00:00
ppp Retire the -DRELEASE_CRUNCH define. 2019-07-12 06:19:25 +00:00
pppctl pppctl(8) Avoid strcpy() copies on overlapping string. 2018-01-29 14:23:44 +00:00
praliases DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
praudit praudit(1): add tests 2018-06-17 17:31:16 +00:00
prometheus_sysctl_exporter DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
pstat General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
pw Remove an unneeded indentation introduced in r286196 to silence gcc warning 2019-05-25 21:57:01 +00:00
pwd_mkdb pwd_mkdb: retire -B and -L endianness options 2018-10-21 00:48:38 +00:00
pwm Oops, it seems I left out the word 'cycle', fix it. 2019-06-18 02:27:30 +00:00
quot Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
quotaon General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rarpd SPDX: mostly fixes to previous changes. 2017-12-13 16:13:17 +00:00
repquota General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rip6query General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rmt Fix missing files in METALOG with -DNO_ROOT 2018-06-29 21:15:17 +00:00
route6d Use the right variable when updating interface routes. 2018-08-08 20:15:40 +00:00
rpc.lockd userland: Fix several typos and minor errors 2017-12-27 03:23:01 +00:00
rpc.statd Reduce log spam from rpc.statd 2019-02-03 08:15:26 +00:00
rpc.umntall various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
rpc.yppasswdd rpc.yppasswdd: Fix dirname(3) usage after r305952. 2019-06-03 16:51:07 +00:00
rpc.ypupdated Fix memory / resource leaks in usr.sbin/rpc.ypupdated/update.c 2019-02-18 03:15:25 +00:00
rpc.ypxfrd spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
rpcbind Plug a possible memory leak. 2018-03-19 05:49:26 +00:00
rrenumd General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rtadvctl Fix grammar. 2019-03-05 02:53:41 +00:00
rtadvd Remove obsolete compatibility code from rtadvd. 2019-07-17 16:50:53 +00:00
rtprio various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
rtsold rtsol: Use vwarnx(3) to log messages to standard error. 2019-02-27 18:13:41 +00:00
rwhod capsicum: use a new capsicum helpers in tools 2018-11-04 19:24:49 +00:00
sa various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
sendmail DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
service Use "$@" instead of $* to cope with parameters that have spaces in 2018-06-13 06:11:04 +00:00
services_mkdb Fix several places where tool name has been hardcoded: 2019-06-02 23:38:19 +00:00
sesutil Check element type before setting LEDs. 2019-02-04 01:24:10 +00:00
setfib General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
setfmac various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
setpmac various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
smbmsg various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
snapinfo various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
spi Add an example for displaying the manufacturer and size info from a 2018-06-23 23:08:25 +00:00
spkrtest various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
spray spray: fix the spelling in an output string 2018-03-05 16:13:29 +00:00
syslogd Fix compilation of world with WITHOUT_{INET,INET6}_SUPPORT or both set. 2019-03-03 10:00:26 +00:00
sysrc Update the spelling of my name 2019-04-22 17:52:46 +00:00
tcpdchk DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
tcpdmatch DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
tcpdrop Use uintptr_t alone when assigning to kvaddr_t variables. 2018-07-10 13:03:06 +00:00
tcpdump DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
tests
traceroute various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
traceroute6 Remove the USE_RFC2292BIS option and reap dead code 2019-07-22 20:11:33 +00:00
trim trim(8): emit more user-friendly error message in verbose mode. 2019-03-15 14:42:23 +00:00
trpt trpt(8): Clean up build hack to detect ancient compiler 2018-02-16 20:46:44 +00:00
tzsetup tzsetup: upgrade to zone1970.tab 2019-07-17 06:17:27 +00:00
uathload various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
uefisign Fix alignment issue in uefisign 2018-12-19 22:47:37 +00:00
ugidfw various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
uhsoctl Use correct type for IOCTL request argument. 2018-11-02 22:23:25 +00:00
unbound Check that /etc/resolv.conf exists before trying to read it. 2018-11-27 09:46:01 +00:00
usbconfig Clean up the EXAMPLES section of usbconfig(8). This removes parts that 2018-04-29 10:45:09 +00:00
usbdump Fix parsing of corrupt data in usbdump(8). Check that the transfer 2019-06-25 13:15:29 +00:00
utx various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
vidcontrol Fix restoring the geometry when recovering from an error. Just restore the 2019-04-08 04:07:37 +00:00
vigr
vipw General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
wake various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
watch Revert r327005 - SPDX tags for license similar to BSD-2-Clause. 2017-12-20 20:25:28 +00:00
watchdogd various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
wlandebug Revert r344211: wlandebug: disable PIE to fix build failure 2019-02-25 18:27:19 +00:00
wpa pkgbase: Add a FreeBSD-hostapd package 2019-07-19 15:09:00 +00:00
yp_mkdb spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
ypbind various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
ypldap DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
yppoll various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
yppush spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
ypserv su_data: correct macro expansion. 2018-02-08 14:53:34 +00:00
ypset various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
zic DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
zonectl DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
zzz
Makefile Remove NAND and NANDFS support 2019-06-25 04:50:09 +00:00
Makefile.amd64 Remove kgzip and kgzldr. 2019-05-24 05:34:21 +00:00
Makefile.arm
Makefile.arm64
Makefile.i386 Remove kgzip and kgzldr. 2019-05-24 05:34:21 +00:00
Makefile.inc
Makefile.mips
Makefile.powerpc Create a new MACHINE_ARCH for Freescale PowerPC e500v2 2016-10-22 01:57:15 +00:00
Makefile.riscv Build ofwdump on riscv. 2018-07-24 20:20:17 +00:00
Makefile.sparc64